Commit Graph

352 Commits

Author SHA1 Message Date
Andrea Cardaci
8eaf595fe6 Make interactive execute whenever possible
Here the trick is to restore those file descriptors (0, 1, 2) that have been
redirected (`dup2`) by the parent process.

First we need to determine which one has been redirected, for example by looking
at `ls -l /proc/$$/fd/`. Then we can use `0<&x`, `1>&x` or `2>&x` to restore 0,
1 or 2 respectively, where `x` is any file descriptor number that points to the
TTY.

It may happen that no file descriptor is unchanged; in that case we can use
`tty` to perform the redirection: `sh <$(tty) >$(tty) 2>$(tty)`
2018-09-07 01:11:06 +02:00
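The descriptor-restoring trick described in that commit message, as an added example (not code from GTFOBins or its authors). It assumes Linux (`/proc/PID/fd` symlinks) and a POSIX `sh`; the function names `fd_target`, `find_fd_pointing_to`, `redirected_std_fds` and `restore_std_fds` are this example's own. Call the restore function from the main shell rather than a subshell, because it inspects `/proc/$$/fd`.

```shell
#!/bin/sh
# Added example (not GTFOBins code): find which of fd 0/1/2 the parent process
# redirected away from the terminal, then put them back either from a file
# descriptor that still points at the TTY (0<&x, 1>&x, 2>&x) or, if none
# survived, by reopening $(tty) directly.  Assumes Linux (/proc/PID/fd) and a
# POSIX sh; run restore_std_fds in the main shell, not a subshell, because it
# reads /proc/$$/fd.

# Where does fd $1 of this shell point?  Empty if closed.  (`ls -l /proc/$$/fd`
# shows the same thing interactively.)
fd_target() {
    readlink "/proc/$$/fd/$1" 2>/dev/null || true
}

# Print the lowest fd in 0..9 that still points at $1 (e.g. /dev/pts/3); fail if none.
find_fd_pointing_to() {
    n=0
    while [ "$n" -le 9 ]; do
        if [ "$(fd_target "$n")" = "$1" ]; then
            echo "$n"
            return 0
        fi
        n=$((n + 1))
    done
    return 1
}

# Print the standard fds (0 1 2) that do NOT point at $1, i.e. those dup2'd elsewhere.
redirected_std_fds() {
    out=""
    for n in 0 1 2; do
        [ "$(fd_target "$n")" = "$1" ] || out="$out $n"
    done
    printf '%s\n' "${out# }"
}

# Re-point every redirected standard fd at the terminal $1.
restore_std_fds() {
    src=$(find_fd_pointing_to "$1") || src=""
    for n in $(redirected_std_fds "$1"); do
        if [ -n "$src" ]; then
            # A descriptor survived: duplicate it, as in `1>&x`.
            case $n in
                0) exec 0<&$src ;;
                1) exec 1>&$src ;;
                2) exec 2>&$src ;;
            esac
        else
            # Nothing survived: reopen the device, as in `sh <$(tty) >$(tty) 2>$(tty)`.
            case $n in
                0) exec 0<"$1" ;;
                1) exec 1>"$1" ;;
                2) exec 2>"$1" ;;
            esac
        fi
    done
}

# Stand-alone demo, skipped when stdin is not a terminal.  Run it as
#   sh restore_fds.sh >/dev/null 2>/dev/null
# and the final line still appears on the terminal: fd 0 survived and was
# duplicated over 1 and 2.
if term=$(tty 2>/dev/null); then
    before=$(redirected_std_fds "$term")
    restore_std_fds "$term"
    echo "terminal $term: redirected before [$before], after [$(redirected_std_fds "$term")]"
fi
```

Scanning only fds 0 to 9 is deliberate: a parent that redirected the standard streams with `dup2` usually leaves its own copy of the TTY on a low-numbered descriptor, and those are the ones a shell can name in `<&x`/`>&x`. When the scan finds nothing, the fallback is exactly the `tty`-based redirection from the commit message, which only works if `tty` can still see the terminal on stdin.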
Andrea Cardaci
5b79154cf1 Avoid output file for tcpdump 2018-09-07 00:29:58 +02:00
Andrea Cardaci
ab62d024b1 Make xargs execute-interactive 2018-09-06 23:35:27 +02:00
Andrea Cardaci
7c0fa85a66 Make nano/pico execute-interactive by using exec 2018-09-06 21:36:20 +02:00
Andrea Cardaci
65c3d3409f Fix ssh execute 2018-09-06 20:40:36 +02:00
Andrea Cardaci
14ea39d22f Fix description long lines 2018-09-06 19:18:22 +02:00
Andrea Cardaci
d180391d7e Fix Python link in pip 2018-09-06 19:18:12 +02:00
Andrea Cardaci
7d9465bd6a Add pip
As suggested by #20.
2018-09-06 18:46:22 +02:00
Andrea Cardaci
9c96140f1d Add date
Thanks to #20.
2018-09-06 17:08:01 +02:00
Emilio Pinna
cb695abfa6 Add chmod and chown as suggested in #20 2018-09-05 17:59:07 +01:00
Emilio Pinna
f2ab6a6283 Remove file-read and file-write from cp and mv 2018-09-05 17:38:32 +01:00
Andrea Cardaci
aab8e783ec Add facter
Thanks to #20.
2018-09-04 13:42:37 +02:00
Emilio Pinna
d5f546b67d Polish cp and mv descriptions 2018-09-03 21:40:09 +01:00
Emilio Pinna
08a82c913a Add mv as suggested in #20 2018-09-03 21:38:22 +01:00
Emilio Pinna
508a06c14a Add cp as suggested in #20 2018-09-03 21:33:24 +01:00
Andrea Cardaci
8f4b085807 Fix shuf YAML 2018-08-31 15:51:14 +02:00
Andrea Cardaci
6bfc58daab Add notice about tcpdump traffic requirements 2018-08-31 11:29:36 +02:00
Andrea Cardaci
09564b427f Add apt, apt-get, mysql and smbclient
Thanks to #20.
2018-08-31 11:09:19 +02:00
Andrea Cardaci
5b18d9340a Fix red YAML 2018-08-31 10:17:36 +02:00
George O
cbab8b803a Add red
Close #17.
2018-08-27 16:27:12 +02:00
Emilio Pinna
51acc5bc9b Fix tcpdump sudo-enabled 2018-08-24 17:59:16 +01:00
Andrea Cardaci
1bff7d1525 Fix SUID for less and pg 2018-08-24 13:30:23 +02:00
Andrea Cardaci
38a5860d48 Add file-write to less 2018-08-24 12:32:06 +02:00
Andrea Cardaci
41bd75145c Fix SUID for less and pg
Only file access is possible in that case.
2018-08-24 12:25:57 +02:00
Andrea Cardaci
e310b1f565 Fix more YAML 2018-08-24 12:08:37 +02:00
pshem
2b16dd52e8 Add nice, cpulimit and pg 2018-08-24 11:33:15 +02:00
Emilio Pinna
e84ec807a1 Fix nmap suid-limited 2018-08-23 23:45:07 +01:00
Emilio Pinna
8fb329ca92 Fix nmap suid-limited 2018-08-23 23:44:27 +01:00
Emilio Pinna
0681eacca5 Add reverse and bind shell and file transfer functions to nmap 2018-08-23 18:29:50 +01:00
Andrea Cardaci
97c54f9b22 Fix nmap descriptions 2018-08-23 18:11:27 +02:00
Andrea Cardaci
d4b50275bb Use DATA as a placeholder for file-write operations 2018-08-20 15:00:34 +02:00
Andrea Cardaci
866ca2e404 Fix other editors file write 2018-08-20 15:00:34 +02:00
Andrea Cardaci
b4b67ff10b Fix ed file read/write 2018-08-20 15:00:34 +02:00
Emilio Pinna
0ba5df0cb9 Use temporary files in zip functions 2018-08-19 11:32:48 +01:00
Emilio Pinna
a68ef39e30 Standardize tcpdump temporary file creation 2018-08-19 11:24:13 +01:00
Emilio Pinna
14c8781f2d Fix nmap description and temporary file 2018-08-19 11:20:37 +01:00
Emilio Pinna
f34aa31334 Remove docker interactive-execute 2018-08-19 11:14:16 +01:00
Andrea Cardaci
f740b410cc Simplify zip and add suid-limited 2018-08-19 11:43:26 +02:00
Andrea Cardaci
2ff760e560 Fix and simplify tcpdump 2018-08-19 11:43:26 +02:00
Andrea Cardaci
acf29564cb Simplify rsync and add interactive execute 2018-08-19 11:43:26 +02:00
Andrea Cardaci
7822ec33e8 Add suid, description and YAML fixes to nmap 2018-08-19 11:43:26 +02:00
Andrea Cardaci
c20ade4551 Make docker disposable, use sh instead of bash and add description 2018-08-19 11:43:26 +02:00
AlessandroZ
7219385a05 add new ways 2018-08-17 17:16:09 +02:00
Andrea Cardaci
6b73dcf283 Use the portable -u option for mktemp instead of removing the file
Close #15.
2018-07-31 12:44:16 +02:00
Emilio Pinna
53ad35fb10 Add suid-enabled and sudo-enabled to tftp 2018-07-22 18:24:39 +01:00
Emilio Pinna
3469b03e78 Add sudo-enabled and suid-limited to socat 2018-07-22 15:49:15 +01:00
Emilio Pinna
0f422cdd6a Reorder functions in git, lua, and nc 2018-07-22 15:42:43 +01:00
Emilio Pinna
38cd886b36 Describe which functions work with netcat traditional 2018-07-22 15:35:26 +01:00
Emilio Pinna
fbd8a68cae Add suid-limited and sudo-enabled to nc 2018-07-22 15:34:05 +01:00
Emilio Pinna
4de0246992 Use double backtick for inline code 2018-07-22 15:22:03 +01:00
Emilio Pinna
b016b7b9dd Add suid-enabled and sudo-enabled to curl, dd, and wget 2018-07-22 14:30:03 +01:00
Emilio Pinna
00a06edb07 Fix lua descriptions 2018-07-22 14:12:20 +01:00
Emilio Pinna
ef92163d03 Add git 2018-07-22 14:06:54 +01:00
Emilio Pinna
bfd61e93fc Add lua 2018-07-22 12:47:57 +01:00
Emilio Pinna
94f43fb943 Fix nc download description 2018-07-22 12:47:43 +01:00
Andrea Cardaci
e1cd3aed68 Fix YAMLs according to YAMLlint 2018-07-16 15:01:50 +02:00
Andrea Cardaci
a00f689760 Improve mount 2018-07-16 13:47:09 +02:00
Andrea Cardaci
e50f44521e Improve crontab 2018-07-16 13:37:17 +02:00
kk
85b99ce89f added crontab and mount 2018-07-16 10:00:14 +02:00
Emilio Pinna
d6895f367d Reorder functions in binaries 2018-07-04 19:26:52 +01:00
Emilio Pinna
80b20b6991 Add ruby download 2018-06-17 20:16:43 +01:00
Emilio Pinna
401c469b26 Add versions requirements on PHP and ruby 2018-06-17 20:08:02 +01:00
Emilio Pinna
50ffed4210 Replace more suid-limited execution with a suid-enabled read example 2018-06-17 11:39:42 +01:00
Emilio Pinna
7fa5b1e16e Use valid Mbox file for mail 2018-06-17 11:28:23 +01:00
Emilio Pinna
06966c8cd4 Remove mail suid-limited 2018-06-17 11:27:03 +01:00
Emilio Pinna
fce5a22341 Add sudo-enabled to cut 2018-06-16 16:13:16 +01:00
Roman Mueller
659002adef Add cut 2018-06-16 14:28:28 +01:00
Andrea Cardaci
b3fc53a9d3 Remove invalid SUID execute from sed 2018-06-13 16:42:02 +02:00
Andrea Cardaci
2da69686ac Fix sed execute and file write, also enforce standards 2018-06-13 16:05:57 +02:00
Roman Mueller
3c0e0bf1e3 Add execute-interactive & file-write to sed 2018-06-13 12:01:25 +02:00
Andrea Cardaci
0d786940c4 Add tar execute-non-interactive and file-read 2018-06-13 10:35:26 +02:00
Dov Murik
69465eb338 Add expand, unexpand 2018-06-12 19:29:34 +01:00
Andrea Cardaci
4b11771fec Avoid cat in bash 2018-06-12 16:17:34 +02:00
Andrea Cardaci
3b59c85656 Fix bash file read 2018-06-11 13:12:15 +02:00
Roman Mueller
7660674537 Add file-read to curl 2018-06-10 21:59:08 +01:00
Andrea Cardaci
2696bc3cde Fix make compatibility issues 2018-06-04 20:00:09 +02:00
Emilio Pinna
7e5bcab249 Replace where_to_save with file_to_save 2018-06-04 18:53:35 +01:00
Emilio Pinna
6a747b0920 Fix PHP interactive functions 2018-06-04 18:40:46 +01:00
Andrea Cardaci
b2731c2c91 Fix make suid shell 2018-06-04 19:13:16 +02:00
Andrea Cardaci
564dbe28fa Add base64, ltrace, make, sqlite3, time 2018-06-04 19:05:55 +02:00
Andrea Cardaci
81f12399fe Add compatibility notice in make 2018-06-04 18:59:07 +02:00
Andrea Cardaci
c31a8a1b6b Simplify make 2018-06-04 18:28:58 +02:00
Andrea Cardaci
4eff8b534f Fix time description 2018-06-04 17:23:26 +02:00
Andrea Cardaci
b2a2dccc82 Add execute-interactive to sqlite3 2018-06-04 17:16:57 +02:00
Andrea Cardaci
323553f4b0 Make base64 portable 2018-06-04 14:59:57 +02:00
Andrea Cardaci
0785f116d3 Clarify echo command in rlwrap file-write 2018-06-04 13:16:24 +02:00
Andrea Cardaci
3cc3be5aa5 Use /dev/null as history for rlwrap 2018-06-04 13:09:55 +02:00
Andrea Cardaci
069e7da89d Add sudo and suid to od 2018-06-04 13:01:44 +02:00
Andrea Cardaci
467e4e875d Fix od YAML 2018-06-04 13:01:25 +02:00
Andrea Cardaci
669f8f0373 Inhibit actual locking in flock 2018-06-04 12:46:28 +02:00
Dov Murik
5fa7efbc1c Add base64, ltrace, make, sqlite3, time 2018-06-04 10:21:53 +00:00
Dov Murik
3f8a62a253 Add flock, od, rlwrap 2018-06-03 20:22:08 +00:00
Roman Mueller
6e6cbb66a7 Remove non-interactive versions 2018-06-03 13:09:03 +01:00
Roman Mueller
1e443710a2 Add ProxyCommand executions to ssh 2018-06-03 13:09:03 +01:00
Andrea Cardaci
de8d657479 Fix typo in xargs 2018-06-03 12:30:34 +02:00
Andrea Cardaci
2463f9477a Add xargs file-read even though it uses the external echo command 2018-06-03 11:51:44 +02:00
Andrea Cardaci
d14b69c12f Add comment to puppet about diff 2018-06-03 11:41:27 +02:00
Andrea Cardaci
77edd09b07 Add output to puppet execute functions 2018-06-03 10:58:39 +02:00
Andrea Cardaci
6843fe84b5 Use consistent shell variable style in puppet 2018-06-03 10:30:07 +02:00
Andrea Cardaci
42997519e1 Fix sort file-read to avoid actually sorting lines
Thanks to @dubek.
2018-06-03 10:01:46 +02:00
Emilio Pinna
b6dfe3e083 Add diff 2018-06-02 16:02:38 +01:00
Emilio Pinna
234cfc0ebb Add puppet description 2018-06-02 15:55:12 +01:00
Roman Mueller
144e51b165 Add puppet 2018-06-02 14:29:54 +02:00
Andrea Cardaci
b3c405e2d5 Add sudo and suid to nl 2018-06-01 13:30:32 +02:00
Andrea Cardaci
5a1c87e7c5 Fix YAML literal blocks 2018-06-01 12:44:34 +02:00
Andrea Cardaci
b96f6e9a49 Fix YAMLs format 2018-06-01 00:22:34 +02:00
Emilio Pinna
bdf78c5e99 Add busybox 2018-05-31 20:09:44 +01:00
Andrea Cardaci
3a619c7777 Add whois
Thanks to https://twitter.com/info_dox/status/1001985728342102017
2018-05-31 20:24:56 +02:00
Andrea Cardaci
d95bc8a8dc Fix coherence in nc YAML 2018-05-31 20:24:56 +02:00
Andrea Cardaci
ce034dd7b0 Clarify ul corruption 2018-05-31 12:37:44 +02:00
Emilio Pinna
401486648a Add sort, ul, uniq 2018-05-30 19:15:29 +01:00
Emilio Pinna
1b5f2aedae Rephrase ssh read 2018-05-30 19:07:49 +01:00
Andrea Cardaci
852407bb02 Add tee 2018-05-30 19:20:51 +02:00
Andrea Cardaci
5aee2ec17e Add cat 2018-05-30 19:20:43 +02:00
Andrea Cardaci
66f60d7ef6 Use variables in dd 2018-05-30 12:56:08 +02:00
Andrea Cardaci
d937f2ba52 Use id as non-interactive command in php 2018-05-30 12:56:08 +02:00
Andrea Cardaci
bb001f1b8a Add xargs, nl and unshare 2018-05-30 12:55:36 +02:00
Andrea Cardaci
ab481fa4a5 Reduce the number of leading spaces in nl and comment about it 2018-05-30 12:54:05 +02:00
Andrea Cardaci
4c3c73a4b6 Add variables to nl 2018-05-30 12:45:42 +02:00
Andrea Cardaci
fa60f30f5a Remove suid-limited as it is superseded by suid-enabled 2018-05-30 12:26:29 +02:00
Andrea Cardaci
6563f19914 Remove xargs file-read as it relies on an external program 2018-05-30 11:53:20 +02:00
Andrea Cardaci
d3b3c390a4 Simplify xargs invocation 2018-05-30 11:53:20 +02:00
Dov Murik
d1906b7fdd Add unshare 2018-05-30 08:17:06 +00:00
Dov Murik
ca91885fce Add nl 2018-05-30 07:56:12 +00:00
Dov Murik
bbbff04e55 xargs: add file-read 2018-05-30 07:45:32 +00:00
Dov Murik
eb1ada7a62 Add xargs 2018-05-30 07:36:30 +00:00
Andrea Cardaci
1a739b4550 Add tar file-write 2018-05-30 00:46:04 +02:00
Andrea Cardaci
c634e3898f Fix pico execution functions as they require a file to work on 2018-05-29 20:43:54 +02:00
Andrea Cardaci
d665a38758 Fix nano execution functions as they require a file to work on 2018-05-29 20:41:55 +02:00
Emilio Pinna
4fbd4d3ab7 Add mail 2018-05-29 19:35:40 +01:00
Andrea Cardaci
5e0da38a4a Improve gdb link text 2018-05-29 19:47:51 +02:00
Emilio Pinna
d8c9db3561 Add nano and pico 2018-05-29 18:23:33 +01:00
Andrea Cardaci
481cd24a84 Fix ssh file-read 2018-05-29 17:11:36 +02:00
Paul Taylor
765d2d1aa4 Add file-read to ssh 2018-05-29 14:43:57 +02:00
Emilio Pinna
b457967d07 Add ksh 2018-05-28 21:07:51 +01:00
Andrea Cardaci
8f1d537d19 Add a note about python in gdb 2018-05-28 21:55:44 +02:00
Emilio Pinna
0834533edd Add dd 2018-05-28 20:35:35 +01:00
Andrea Cardaci
41e62d689a Add gdb file-write 2018-05-28 21:29:34 +02:00
Andrea Cardaci
1a46497ae9 Remove useless empty line 2018-05-28 20:17:13 +02:00
Andrea Cardaci
809975ce4c Add awk file-read/write 2018-05-28 20:12:44 +02:00
Andrea Cardaci
898e6cd656 Add file-write to bash 2018-05-28 20:12:44 +02:00
Andrea Cardaci
640956451b Avoid variable in bash file-read 2018-05-28 20:12:44 +02:00
Andrea Cardaci
004b4bf828 Fix trailing spaces 2018-05-28 20:12:44 +02:00
Andrea Cardaci
89985be143 Disallow backslashes in bash file-read 2018-05-28 20:12:44 +02:00
Emilio Pinna
c3710d7396 Add read-write to less, man, more, and vi 2018-05-28 20:12:44 +02:00
Emilio Pinna
ee57eeba90 Add read and write to python and ruby 2018-05-28 20:12:44 +02:00
Emilio Pinna
66b617c955 Add read/write for ash, bash, csh, dash, ed, and emacs 2018-05-28 20:12:44 +02:00
Andrea Cardaci
358628c2f2 Remove hardcoded instances of bash 2018-05-28 17:48:26 +02:00
Emilio Pinna
8185fca039 Fix watch sudo code 2018-05-27 18:31:52 +01:00
Emilio Pinna
614954c0d3 Fix watch sudo code 2018-05-27 18:31:27 +01:00
Emilio Pinna
35bd51047a Rephrase watch description 2018-05-27 18:28:51 +01:00
Emilio Pinna
39e2d3335c Add watch 2018-05-27 18:17:14 +01:00
Emilio Pinna
b06bb08f96 Fix description 2018-05-25 18:57:26 +01:00
Andrea Cardaci
36dcf7a836 Reorganize function names 2018-05-25 15:30:02 +02:00
Andrea Cardaci
2d3ebbbb05 Use the id command for non-interactive examples 2018-05-25 14:11:36 +02:00
Andrea Cardaci
0047d8bfb7 Add sudo and suid to php 2018-05-25 14:07:26 +02:00
Andrea Cardaci
4ea28f8c48 Use getenv instead of $_ENV in php as it is configuration-dependent 2018-05-25 11:19:13 +02:00
Andrea Cardaci
91c233f773 Make Emacs treat _gtfobins Markdown files like YAML 2018-05-25 02:16:18 +02:00
Andrea Cardaci
f0d72ff530 Fix trailing spaces 2018-05-25 01:10:39 +02:00
Andrea Cardaci
da0b49a840 Coherence in tar code 2018-05-25 01:03:51 +02:00
Andrea Cardaci
e885d4a6ee Remove the -p option from suid-limited
It is useless because:
- if Debian-like, it is not supported and does not drop anyway;
- otherwise the `system()`-like function already used a shell that dropped the
  privileges.
2018-05-25 00:57:42 +02:00
Andrea Cardaci
84f48081fb Remove the -p option from sudo-enabled (typo) 2018-05-25 00:51:49 +02:00
Andrea Cardaci
d7344a5230 Explicitly use the python2 command 2018-05-25 00:49:25 +02:00
Andrea Cardaci
dd04e1630a Remove unsupported dash functions 2018-05-25 00:28:16 +02:00
Andrea Cardaci
f0a22c23d3 Fix bash download script 2018-05-25 00:23:02 +02:00
Emilio Pinna
a442b4cf34 Wrap dash commands 2018-05-24 22:43:04 +01:00
Emilio Pinna
fda972eeaa Wrapping bash commands 2018-05-24 22:40:36 +01:00
Emilio Pinna
c6441d33ef Add dash 2018-05-24 21:47:10 +01:00
Emilio Pinna
a3867ccf28 Add ash command 2018-05-24 21:26:30 +01:00
Emilio Pinna
fba68a0259 Add wish non-interactive reverse shell 2018-05-24 21:10:43 +01:00
Emilio Pinna
feb07b18fb Rephrase network functions descriptions 2018-05-24 21:05:11 +01:00
Emilio Pinna
b857c98f92 Use target.com and attacker.com 2018-05-24 21:05:11 +01:00
Andrea Cardaci
414ee88fd8 Add node bind shell 2018-05-24 00:50:05 +02:00
Andrea Cardaci
ac79267e7e Simplify node reverse shell 2018-05-24 00:50:05 +02:00
Andrea Cardaci
6e2242d3f1 Fix node code style 2018-05-24 00:50:05 +02:00
Emilio Pinna
4e61de337a Add socat bind-shell 2018-05-23 20:55:36 +01:00
Emilio Pinna
af346441f2 Add node suid, sudo, and interactive 2018-05-23 20:17:43 +01:00
Emilio Pinna
48787a0e8e Add node reverse-shell 2018-05-23 19:47:50 +01:00
Andrea Cardaci
344209b99c Add missing sudo to setarch 2018-05-23 11:34:47 +02:00
Emilio Pinna
0a5168dc9a Replace default port number with 12345 2018-05-23 08:08:13 +01:00
Emilio Pinna
793cd12812 Introduce non-interactive reverse and bind shells 2018-05-23 08:06:50 +01:00
Andrea Cardaci
19710192c3 Truncate long lines in awk 2018-05-23 00:36:17 +02:00
Andrea Cardaci
4303bf854b Use the same IP for examples 2018-05-23 00:29:51 +02:00
Andrea Cardaci
dc9f4ff42c Add awk bind shell 2018-05-23 00:26:26 +02:00
Andrea Cardaci
f2be339850 Fix awk reverse shell 2018-05-23 00:21:55 +02:00
Emilio Pinna
c428d20365 Standardize awk reverse-shell 2018-05-22 23:03:37 +01:00
Andrea Cardaci
126f779732 Add awk reverse shell 2018-05-22 23:55:44 +02:00
Emilio Pinna
5f5598b1c3 Add tclsh reverse shell description 2018-05-22 22:07:10 +01:00
Emilio Pinna
24a7c20324 Add tclsh reverse shell 2018-05-22 22:04:46 +01:00
Emilio Pinna
43b68e46b1 Add socat 2018-05-22 21:40:27 +01:00
Emilio Pinna
ac29dc064d Fix telnet descriptions 2018-05-22 21:26:17 +01:00
Emilio Pinna
158291baa4 Add missing descriptions 2018-05-22 21:22:20 +01:00
Emilio Pinna
8f992a27f1 Add descriptions to python2 and python3 2018-05-22 21:18:06 +01:00
Emilio Pinna
d9612ec461 Rephrase bash 2018-05-22 21:17:51 +01:00
Emilio Pinna
e3d9c03c96 Add PHP reverse-shell description 2018-05-22 19:23:05 +01:00
Emilio Pinna
6a075ebeeb Add perl reverse-shell description 2018-05-22 19:21:16 +01:00
Emilio Pinna
1e34daccee Remove alternative bash reverse-shell 2018-05-22 19:10:17 +01:00
Emilio Pinna
028a202891 Add another bash reverse shell 2018-05-22 19:03:44 +01:00
Emilio Pinna
fad8425624 Add nc and bash other end commands 2018-05-22 18:57:05 +01:00
Andrea Cardaci
2fed778c51 Improve the description of ld.so 2018-05-22 12:40:35 +02:00