Commit Graph

615 Commits

Author SHA1 Message Date
brian
3bd955e8cc Use os.execute instead of posix.exec in rpm
From rpm versions 4.9.0 and on, posix.exec() will return an error unless called
from a child process created with posix.fork(). os.execute() may be used
instead.

This change is documented in these two resources:

- http://rpm.org/user_doc/lua.html
- https://rpm-packaging-guide.github.io/

Close #53.
2019-02-14 12:32:18 +01:00
Emilio
52a2f4cdc7 Add Lua payloads to rvim 2019-02-03 10:21:45 +00:00
Emilio
d111e78b45 Add Lua payloads to vim 2019-02-03 10:15:53 +00:00
Emilio
9dc5fa2128 Add dnf thanks to https://lsdsecurity.com/2019/01/linux-privilege-escalation-using-apt-get-apt-dpkg-to-abuse-sudo-nopasswd-misconfiguration/ as in #51 2019-02-02 16:15:49 +00:00
Emilio
a0674eb8f0 Add other sudo to rpm thanks to https://lsdsecurity.com/2019/01/linux-privilege-escalation-using-apt-get-apt-dpkg-to-abuse-sudo-nopasswd-misconfiguration/ as in #51 2019-02-02 15:54:57 +00:00
Emilio
b330297943 Add yum thanks to https://lsdsecurity.com/2019/01/linux-privilege-escalation-using-apt-get-apt-dpkg-to-abuse-sudo-nopasswd-misconfiguration/ as in #51 2019-02-02 15:46:01 +00:00
Emilio
7a3ae6e05a Add dpkg thanks to https://lsdsecurity.com/2019/01/linux-privilege-escalation-using-apt-get-apt-dpkg-to-abuse-sudo-nopasswd-misconfiguration/ as in #51 2019-02-02 15:13:28 +00:00
Emilio
3166a321c0 Add script 2019-02-02 10:02:14 +00:00
Emilio Pinna
fc59ef546f Add arp and mtr. Thanks to https://twitter.com/insecurity_ltd/status/1087727178295529473 2019-01-30 23:07:40 +00:00
Andrea Cardaci
d0464d7ce8 Drop useless echo indentation 2019-01-29 14:25:16 +01:00
bstapes
a2886b643d Add systemctl 2019-01-29 14:12:29 +01:00
Andrea Cardaci
0109792b7e Clarify bash reverse shell 2019-01-25 16:41:15 +01:00
in.security
3a53c6339e Add ip 2019-01-25 16:40:42 +01:00
Emilio Pinna
1719c4ffda Polish gimp description 2019-01-22 20:21:20 +00:00
Emilio Pinna
8782ccb96b Fix gimp description 2019-01-22 20:19:39 +00:00
Emilio Pinna
ee7b68232f Add gimp description 2019-01-22 20:17:00 +00:00
Emilio Pinna
69b8eb1056 Fix gimp file write 2019-01-22 20:13:34 +00:00
Emilio
9180d550e7 Add gimp thanks to https://twitter.com/Geluchat/status/1083743529388687361 2019-01-21 20:53:48 +00:00
Andrea Cardaci
bab4250775 Fix apt sudo shell 2019-01-21 16:41:17 +01:00
Andrea Cardaci
21f760676c Add alternative apt* shell technique
Thanks to
https://lsdsecurity.com/2019/01/linux-privilege-escalation-using-apt-get-apt-dpkg-to-abuse-sudo-nopasswd-misconfiguration/

Also related to #38.
2019-01-21 16:28:20 +01:00
Andrea Cardaci
4fdaada820 Fix apt* shell
The Bash process substitution doesn't work (anymore?).
2019-01-21 15:40:28 +01:00
Andrea Cardaci
f6b29ce958 Mention the SPELL environment variable in nano 2019-01-21 14:07:14 +01:00
egre55
3e103b2f28 Add logsave 2019-01-15 12:22:21 +01:00
Emilio
732e4f9ae4 Add missing description to gdb sudo 2019-01-05 11:28:25 +00:00
Emilio
31be45fbde Add sudo to red 2019-01-05 11:24:49 +00:00
Emilio
76f0b9cf45 Adjust and add file-write, file-read, and library-load to irb 2019-01-01 23:06:00 +00:00
Shaksham Jaiswal
1cbe81b195 Add irb (#44) 2019-01-03 20:17:38 +00:00
Emilio
9047ee345c Use shorten ruby file download from #44 2019-01-02 15:28:13 +00:00
Andrea Cardaci
c156f48e5f Fix SUID and document readelf 2019-01-02 13:41:10 +01:00
0rbz
6ebfcef36c Create readelf.md 2018-12-31 14:58:24 -05:00
Andrea Cardaci
9652aee337 Add comments to rlogin
Close #45.
2018-12-31 13:35:36 +01:00
0rbz
c1ea5f2b41 Create rlogin.md 2018-12-31 13:35:36 +01:00
Emilio Pinna
bbfcb5b633 Keep cancel description consistent 2018-12-31 09:40:49 +01:00
0rbz
63147892c4 Create cancel.md (#43)
* Add cancel.md
2018-12-31 09:38:20 +01:00
Qazeer
809b60ef97 Add nmap interactive mode 2018-12-24 18:39:24 +01:00
Emilio Pinna
e404981c2e Add reverse-shell, file-upload, file-download, library-load, and capabilities to rvim 2018-12-18 15:19:41 +01:00
Emilio Pinna
6befd62430 Add reverse-shell, file-upload, file-download, library-load, and capabilities to vim 2018-12-18 15:11:03 +01:00
Emilio Pinna
d3ef67aa3a Remove suid from vim 2018-12-18 14:28:09 +01:00
Emilio Pinna
4910c32409 Skim wrong functions from original vi 2018-12-18 14:04:05 +01:00
Emilio Pinna
9432a6ce3c Add Python 3 comment in vim and rvim 2018-12-18 13:31:22 +01:00
Chris Frederick
cda1654809 Add openssl-enc commands (#41) 2018-12-17 14:46:30 +01:00
s3krit
a659ed5d5f Add file 2018-12-12 18:08:22 +01:00
Andrea Cardaci
32b113b003 Fix and add SUID to other vi
Related to #39.
2018-12-03 16:00:11 +01:00
Andrea Cardaci
e066c22c1f Fix YAML format in vi 2018-12-03 16:00:01 +01:00
Andrea Cardaci
ed9363fe2d Fix broken shells in vi
Related to #39.
2018-12-03 15:59:37 +01:00
Emilio Pinna
279381cf3c Polish rvim, vi, and vim 2018-12-03 13:15:57 +00:00
Hugo DELVAL
bd0cad0433 Add vi(m) commands (#39) 2018-12-03 13:06:41 +00:00
Andrea Cardaci
46fd726c5a Improve 'apt-* install' entries
Improve description, enforce standards and make sure that the package will not
be installed.

Related #38.
2018-11-29 14:25:49 +01:00
HugoDelval
736f3482d3 Add apt(-get) entries 2018-11-29 13:51:39 +01:00
g0tmi1k
2d3071ef55 Typo: LFILE -> $LFILE (DD command) 2018-11-20 13:40:19 +01:00
Andrea Cardaci
f111f3e261 Split run-mailcap into functions
Close #34.
2018-11-19 14:04:01 +01:00
egre55
892949d4af Add run-mailcap 2018-11-19 13:30:43 +01:00
Andrea Cardaci
df1efb0437 Fix cpan YAML 2018-11-12 15:48:31 +01:00
egre55
d5405933d1 Add run-parts 2018-11-12 15:45:29 +01:00
Andrea Cardaci
3cbfa05169 Add dmesg
Close #32.
2018-11-12 15:11:50 +01:00
Andrea Cardaci
23dae5406e Minor fixes on cpan 2018-11-12 15:11:50 +01:00
egre55
a448ed5c25 Add dmsetup (#31)
* Add dmsetup

* fixes
2018-11-10 18:39:18 +00:00
Emilio Pinna
27c1c56577 Polish cpan 2018-11-08 20:01:40 +00:00
Shaksham Jaiswal
754e5e0f95 variable fix 2018-11-08 20:00:23 +00:00
Shaksham Jaiswal
f6d6019515 added environment variables 2018-11-08 20:00:23 +00:00
Shaksham Jaiswal
b78d64c236 made fixes, thanks to egre55 2018-11-08 20:00:23 +00:00
Shaksham Jaiswal
e600a4e610 indentation fixes 2018-11-08 20:00:23 +00:00
Shaksham Jaiswal
b3a6e93b78 Add cpan 2018-11-08 20:00:23 +00:00
Andrea Cardaci
66844f9cc4 Fix YAML format in start-stop-daemon 2018-11-05 16:41:04 +01:00
egre55
86e249e812 Add start-stop-daemon 2018-11-05 16:34:57 +01:00
Andrea Cardaci
ae79cfa550 Add limited suid to pic
Related to #28.
2018-11-02 23:47:20 +01:00
egre55
0b62b20891 Add pic 2018-11-02 23:45:58 +01:00
Andrea Cardaci
3cd9494b9b Remove limited-suid from man 2018-10-23 13:55:21 +02:00
Andrea Cardaci
0c8a06246b Add --to-command interactive shell to tar
Close #27
2018-10-21 12:13:17 +02:00
Andrea Cardaci
a7818d5f16 Promote tar command to interactive shell 2018-10-21 12:13:17 +02:00
Emilio Pinna
fdda727eb1 Add jjs 2018-10-14 21:01:33 +01:00
Emilio Pinna
7ad0233b33 Add description to jrunscript reverse-shell 2018-10-14 21:01:24 +01:00
Emilio Pinna
46e293e444 Describe jrunscript suid limitations 2018-10-13 13:36:24 +01:00
Emilio Pinna
26151d0c44 Add jrunscript 2018-10-12 18:39:39 +01:00
Emilio Pinna
d7d463ee0c Add missing SUID in gdb 2018-10-08 22:51:52 +01:00
Emilio Pinna
2377be5a55 Fix suid in PHP 2018-10-08 20:56:51 +01:00
Emilio Pinna
f14e511218 Fix python SUID 2018-10-08 20:14:25 +01:00
Emilio Pinna
dd337b5ddf Adopt new function names 2018-10-05 18:55:38 +01:00
Andrea Cardaci
1dfb03b013 Add description about grep flavors
Related to #26.
2018-10-03 14:44:55 +02:00
Roman Mueller
0bca156294 Add grep 2018-10-03 14:22:27 +02:00
Andrea Cardaci
fbb0ccefa4 Add info about pager in journalctl
Close #25.
2018-10-02 22:52:08 +02:00
Roman Mueller
7d3a6ddd9d Add journalctl 2018-10-02 22:52:05 +02:00
Emilio Pinna
9514d41a80 Remove capabilities-enabled from pip 2018-09-29 10:54:33 +01:00
Emilio Pinna
a156e10996 Use LFILE in easy_install and pip file-write function 2018-09-29 10:51:00 +01:00
Emilio Pinna
f8dab26569 Rephrase easy_install descriptions 2018-09-29 10:47:19 +01:00
Emilio Pinna
9dc6a93e5b Add download to easy_install 2018-09-29 10:46:03 +01:00
Emilio Pinna
c2224a6b49 Add easy_install file-write 2018-09-28 17:57:23 +01:00
Emilio Pinna
0e639583d6 Add easy_install 2018-09-27 22:53:55 +01:00
Emilio Pinna
5087fa15ef Remove pip description 2018-09-27 22:00:56 +01:00
Emilio Pinna
be7f7b87a0 Remove capabilities-enabled and sudo-enabled from pip 2018-09-27 21:54:50 +01:00
Emilio Pinna
1321a330a5 Fix pip setcap 2018-09-27 21:43:28 +01:00
Emilio Pinna
ce111369f3 Try add python payloads to pip 2018-09-27 21:34:49 +01:00
Andrea Cardaci
0db7fe5f32 Fix pip to work in both Linux and macOS 2018-09-27 12:58:29 +02:00
Emilio Pinna
3c59b1c2fc Add python functions to gdb 2018-09-25 22:44:12 +01:00
Emilio Pinna
12aa95cf2f Fix pip description 2018-09-25 22:16:12 +01:00
Emilio Pinna
0ec8e7d99d Fix gdb description 2018-09-25 22:02:25 +01:00
Emilio Pinna
1222c37802 Merge python2 and python3 2018-09-25 21:41:31 +01:00
Emilio Pinna
ebb9fd00be Fix python3 upload 2018-09-25 20:37:38 +01:00
Emilio Pinna
d3659b5cc6 Fix python2 upload 2018-09-25 20:37:38 +01:00
Andrea Cardaci
689e00461d Get rid of base64 for curl and wget and make descriptions similar
Close #24.
2018-09-25 19:56:27 +02:00
Roman Mueller
9bac306503 Add history file read/write to bash
Close #21.
2018-09-13 18:51:28 +02:00
Andrea Cardaci
b10791a840 Add download to finger 2018-09-13 15:42:45 +02:00
Andrea Cardaci
2e477b25de Add the capabilities-enabled function
This exploits `setcap` to persist root privileges on Linux.
2018-09-13 14:49:51 +02:00
Andrea Cardaci
aed737131c Add capabilities to gdb 2018-09-13 14:48:40 +02:00
Emilio Pinna
3125617475 Add finger 2018-09-12 22:35:41 +01:00
Emilio Pinna
7314987800 Add capabilities to node 2018-09-12 22:02:05 +01:00
Emilio Pinna
c7375411b7 Add capabilities to perl, php, python3, and ruby 2018-09-12 21:57:04 +01:00
Emilio Pinna
e72d7e3d19 Reorder functions 2018-09-12 21:56:42 +01:00
Emilio Pinna
1afd9ec9ec Drafting capabilities 2018-09-12 21:29:53 +01:00
Andrea Cardaci
2e6968e883 Clarify aria2c --allow-overwrite
As discussed in #22.
2018-09-07 13:46:22 +02:00
Andrea Cardaci
e5d5f2e2c6 Clarify tcpdump subprocess 2018-09-07 13:33:30 +02:00
Andrea Cardaci
17c3e974a7 Add a full local version of aria2c and add --allow-overwrite
Close #22
2018-09-07 13:30:55 +02:00
HugoDelval
65b762ca80 Add aria2c
Taken from https://github.com/InsecurityAsso/inshack-2018/blob/master/web/curler/exploit/exploit
2018-09-07 13:30:10 +02:00
Andrea Cardaci
8eaf595fe6 Make interactive execute whenever possible
Here the trick is to restore those file descriptors (0, 1, 2) that have been
redirected (`dup2`) by the parent process.

First we need to determine which one has been redirected, for example by looking
at `ls -l /proc/$$/fd/`. Then we can use `0<&x`, `1>&x` or `2>&x` to restore 0,
1 or 2 respectively, where `x` is any file descriptor number that points to the
TTY.

It may happen that no file descriptor is unchanged; in that case we can use
`tty` to perform the redirection: `sh <$(tty) >$(tty) 2>$(tty)`
2018-09-07 01:11:06 +02:00
Andrea Cardaci
5b79154cf1 Avoid output file for tcpdump 2018-09-07 00:29:58 +02:00
Andrea Cardaci
ab62d024b1 Make xargs execute-interactive 2018-09-06 23:35:27 +02:00
Andrea Cardaci
7c0fa85a66 Make nano/pico execute-interactive by using exec 2018-09-06 21:36:20 +02:00
Andrea Cardaci
65c3d3409f Fix ssh execute 2018-09-06 20:40:36 +02:00
Andrea Cardaci
14ea39d22f Fix description long lines 2018-09-06 19:18:22 +02:00
Andrea Cardaci
d180391d7e Fix Python link in pip 2018-09-06 19:18:12 +02:00
Andrea Cardaci
7d9465bd6a Add pip
As suggested by #20.
2018-09-06 18:46:22 +02:00
Andrea Cardaci
9c96140f1d Add date
Thanks to #20.
2018-09-06 17:08:01 +02:00
Emilio Pinna
cb695abfa6 Add chmod and chown as suggested in #20 2018-09-05 17:59:07 +01:00
Emilio Pinna
f2ab6a6283 Remove file-read and file-write from cp and mv 2018-09-05 17:38:32 +01:00
Andrea Cardaci
aab8e783ec Add facter
Thanks to #20.
2018-09-04 13:42:37 +02:00
Emilio Pinna
d5f546b67d Polish cp and mv descriptions 2018-09-03 21:40:09 +01:00
Emilio Pinna
08a82c913a Add mv as suggested in #20 2018-09-03 21:38:22 +01:00
Emilio Pinna
508a06c14a Add cp as suggested in #20 2018-09-03 21:33:24 +01:00
Andrea Cardaci
8f4b085807 Fix shuf YAML 2018-08-31 15:51:14 +02:00
Andrea Cardaci
6bfc58daab Add notice about tcpdump traffic requirements 2018-08-31 11:29:36 +02:00
Andrea Cardaci
09564b427f Add apt, apt-get, mysql and smbclient
Thanks to #20.
2018-08-31 11:09:19 +02:00
Andrea Cardaci
5b18d9340a Fix red YAML 2018-08-31 10:17:36 +02:00
George O
cbab8b803a Add red
Close #17.
2018-08-27 16:27:12 +02:00
Emilio Pinna
51acc5bc9b Fix tcpdump sudo-enabled 2018-08-24 17:59:16 +01:00
Andrea Cardaci
1bff7d1525 Fix SUID for less and pg 2018-08-24 13:30:23 +02:00
Andrea Cardaci
38a5860d48 Add file-write to less 2018-08-24 12:32:06 +02:00
Andrea Cardaci
41bd75145c Fix SUID for less and pg
Only file access is possible in that case.
2018-08-24 12:25:57 +02:00
Andrea Cardaci
e310b1f565 Fix more YAML 2018-08-24 12:08:37 +02:00
pshem
2b16dd52e8 Add nice, cpulimit and pg 2018-08-24 11:33:15 +02:00
Emilio Pinna
e84ec807a1 Fix nmap suid-limited 2018-08-23 23:45:07 +01:00
Emilio Pinna
8fb329ca92 Fix nmap suid-limited 2018-08-23 23:44:27 +01:00
Emilio Pinna
0681eacca5 Add reverse and bind shell and file transfer functions to nmap 2018-08-23 18:29:50 +01:00
Andrea Cardaci
97c54f9b22 Fix nmap descriptions 2018-08-23 18:11:27 +02:00
Andrea Cardaci
d4b50275bb Use DATA as a placeholder for file-write operations 2018-08-20 15:00:34 +02:00
Andrea Cardaci
866ca2e404 Fix other editors file write 2018-08-20 15:00:34 +02:00
Andrea Cardaci
b4b67ff10b Fix ed file read/write 2018-08-20 15:00:34 +02:00
Emilio Pinna
0ba5df0cb9 Use temporary files in zip functions 2018-08-19 11:32:48 +01:00
Emilio Pinna
a68ef39e30 Standardize tcpdump temporary file creation 2018-08-19 11:24:13 +01:00
Emilio Pinna
14c8781f2d Fix nmap description and temporary file 2018-08-19 11:20:37 +01:00
Emilio Pinna
f34aa31334 Remove docker interactive-execute 2018-08-19 11:14:16 +01:00
Andrea Cardaci
f740b410cc Simplify zip and add suid-limited 2018-08-19 11:43:26 +02:00
Andrea Cardaci
2ff760e560 Fix and simplify tcpdump 2018-08-19 11:43:26 +02:00
Andrea Cardaci
acf29564cb Simplify rsync and add interactive execute 2018-08-19 11:43:26 +02:00
Andrea Cardaci
7822ec33e8 Add suid, description and YAML fixes to nmap 2018-08-19 11:43:26 +02:00
Andrea Cardaci
c20ade4551 Make docker disposable, use sh instead of bash and add description 2018-08-19 11:43:26 +02:00
AlessandroZ
7219385a05 add new ways 2018-08-17 17:16:09 +02:00
Andrea Cardaci
6b73dcf283 Use the portable -u option for mktemp instead of removing the file
Close #15.
2018-07-31 12:44:16 +02:00
Emilio Pinna
53ad35fb10 Add suid-enabled and sudo-enabled to tftp 2018-07-22 18:24:39 +01:00
Emilio Pinna
3469b03e78 Add sudo-enabled and suid-limited to socat 2018-07-22 15:49:15 +01:00
Emilio Pinna
0f422cdd6a Reorder functions in git, lua, and nc 2018-07-22 15:42:43 +01:00
Emilio Pinna
38cd886b36 Describe which functions work with netcat traditional 2018-07-22 15:35:26 +01:00
Emilio Pinna
fbd8a68cae Add suid-limited and sudo-enabled to nc 2018-07-22 15:34:05 +01:00
Emilio Pinna
4de0246992 Use double backtick for inline code 2018-07-22 15:22:03 +01:00
Emilio Pinna
b016b7b9dd Add suid-enabled and sudo-enabled to curl, dd, and wget 2018-07-22 14:30:03 +01:00
Emilio Pinna
00a06edb07 Fix lua descriptions 2018-07-22 14:12:20 +01:00
Emilio Pinna
ef92163d03 Add git 2018-07-22 14:06:54 +01:00
Emilio Pinna
bfd61e93fc Add lua 2018-07-22 12:47:57 +01:00
Emilio Pinna
94f43fb943 Fix nc download description 2018-07-22 12:47:43 +01:00
Andrea Cardaci
e1cd3aed68 Fix YAMLs according to YAMLlint 2018-07-16 15:01:50 +02:00
Andrea Cardaci
a00f689760 Improve mount 2018-07-16 13:47:09 +02:00
Andrea Cardaci
e50f44521e Improve crontab 2018-07-16 13:37:17 +02:00
kk
85b99ce89f added crontab and mount 2018-07-16 10:00:14 +02:00
Emilio Pinna
d6895f367d Reorder functions in binaries 2018-07-04 19:26:52 +01:00
Emilio Pinna
80b20b6991 Add ruby download 2018-06-17 20:16:43 +01:00
Emilio Pinna
401c469b26 Add versions requirements on PHP and ruby 2018-06-17 20:08:02 +01:00
Emilio Pinna
50ffed4210 Replace more suid-limited execution with a suid-enabled read example 2018-06-17 11:39:42 +01:00
Emilio Pinna
7fa5b1e16e Use valid Mbox file for mail 2018-06-17 11:28:23 +01:00
Emilio Pinna
06966c8cd4 Remove mail suid-limited 2018-06-17 11:27:03 +01:00
Emilio Pinna
fce5a22341 Add sudo-enabled to cut 2018-06-16 16:13:16 +01:00
Roman Mueller
659002adef Add cut 2018-06-16 14:28:28 +01:00
Andrea Cardaci
b3fc53a9d3 Remove invalid SUID execute from sed 2018-06-13 16:42:02 +02:00
Andrea Cardaci
2da69686ac Fix sed execute and file write, also enforce standards 2018-06-13 16:05:57 +02:00
Roman Mueller
3c0e0bf1e3 Add execute-interactive & file-write to sed 2018-06-13 12:01:25 +02:00
Andrea Cardaci
0d786940c4 Add tar execute-non-interactive and file-read 2018-06-13 10:35:26 +02:00
Dov Murik
69465eb338 Add expand, unexpand 2018-06-12 19:29:34 +01:00
Andrea Cardaci
4b11771fec Avoid cat in bash 2018-06-12 16:17:34 +02:00
Andrea Cardaci
3b59c85656 Fix bash file read 2018-06-11 13:12:15 +02:00
Roman Mueller
7660674537 Add file-read to curl 2018-06-10 21:59:08 +01:00
Andrea Cardaci
2696bc3cde Fix make compatibility issues 2018-06-04 20:00:09 +02:00
Emilio Pinna
7e5bcab249 Replace where_to_save with file_to_save 2018-06-04 18:53:35 +01:00
Emilio Pinna
6a747b0920 Fix PHP interactive functions 2018-06-04 18:40:46 +01:00
Andrea Cardaci
b2731c2c91 Fix make suid shell 2018-06-04 19:13:16 +02:00
Andrea Cardaci
564dbe28fa Add base64, ltrace, make, sqlite3, time 2018-06-04 19:05:55 +02:00
Andrea Cardaci
81f12399fe Add compatibility notice in make 2018-06-04 18:59:07 +02:00
Andrea Cardaci
c31a8a1b6b Simplify make 2018-06-04 18:28:58 +02:00
Andrea Cardaci
4eff8b534f Fix time description 2018-06-04 17:23:26 +02:00
Andrea Cardaci
b2a2dccc82 Add execute-interactive to sqlite3 2018-06-04 17:16:57 +02:00
Andrea Cardaci
323553f4b0 Make base64 portable 2018-06-04 14:59:57 +02:00
Andrea Cardaci
0785f116d3 Clarify echo command in rlwrap file-write 2018-06-04 13:16:24 +02:00
Andrea Cardaci
3cc3be5aa5 Use /dev/null as history for rlwrap 2018-06-04 13:09:55 +02:00
Andrea Cardaci
069e7da89d Add sudo and suid to od 2018-06-04 13:01:44 +02:00
Andrea Cardaci
467e4e875d Fix od YAML 2018-06-04 13:01:25 +02:00
Andrea Cardaci
669f8f0373 Inhibit actual locking in flock 2018-06-04 12:46:28 +02:00
Dov Murik
5fa7efbc1c Add base64, ltrace, make, sqlite3, time 2018-06-04 10:21:53 +00:00
Dov Murik
3f8a62a253 Add flock, od, rlwrap 2018-06-03 20:22:08 +00:00
Roman Mueller
6e6cbb66a7 Remove non-interactive versions 2018-06-03 13:09:03 +01:00
Roman Mueller
1e443710a2 Add ProxyCommand executions to ssh 2018-06-03 13:09:03 +01:00
Andrea Cardaci
de8d657479 Fix typo in xargs 2018-06-03 12:30:34 +02:00
Andrea Cardaci
2463f9477a Add xargs file-read even though it uses the external echo command 2018-06-03 11:51:44 +02:00
Andrea Cardaci
d14b69c12f Add comment to puppet about diff 2018-06-03 11:41:27 +02:00
Andrea Cardaci
77edd09b07 Add output to puppet execute functions 2018-06-03 10:58:39 +02:00
Andrea Cardaci
6843fe84b5 Use consistent shell variable style in puppet 2018-06-03 10:30:07 +02:00
Andrea Cardaci
42997519e1 Fix sort file-read to avoid actually sorting lines
Thanks to @dubek.
2018-06-03 10:01:46 +02:00
Emilio Pinna
b6dfe3e083 Add diff 2018-06-02 16:02:38 +01:00
Emilio Pinna
234cfc0ebb Add puppet description 2018-06-02 15:55:12 +01:00
Roman Mueller
144e51b165 Add puppet 2018-06-02 14:29:54 +02:00
Andrea Cardaci
b3c405e2d5 Add sudo and suid to nl 2018-06-01 13:30:32 +02:00
Andrea Cardaci
5a1c87e7c5 Fix YAML literal blocks 2018-06-01 12:44:34 +02:00
Andrea Cardaci
b96f6e9a49 Fix YAMLs format 2018-06-01 00:22:34 +02:00
Emilio Pinna
bdf78c5e99 Add busybox 2018-05-31 20:09:44 +01:00
Andrea Cardaci
3a619c7777 Add whois
Thanks to https://twitter.com/info_dox/status/1001985728342102017
2018-05-31 20:24:56 +02:00
Andrea Cardaci
d95bc8a8dc Fix coherence in nc YAML 2018-05-31 20:24:56 +02:00
Andrea Cardaci
ce034dd7b0 Clarify ul corruption 2018-05-31 12:37:44 +02:00
Emilio Pinna
401486648a Add sort, ul, uniq 2018-05-30 19:15:29 +01:00
Emilio Pinna
1b5f2aedae Rephrase ssh read 2018-05-30 19:07:49 +01:00
Andrea Cardaci
852407bb02 Add tee 2018-05-30 19:20:51 +02:00
Andrea Cardaci
5aee2ec17e Add cat 2018-05-30 19:20:43 +02:00
Andrea Cardaci
66f60d7ef6 Use variables in dd 2018-05-30 12:56:08 +02:00
Andrea Cardaci
d937f2ba52 Use id as non-interactive command in php 2018-05-30 12:56:08 +02:00
Andrea Cardaci
bb001f1b8a Add xargs, nl and unshare 2018-05-30 12:55:36 +02:00
Andrea Cardaci
ab481fa4a5 Reduce the number of leading spaces in nl and comment about it 2018-05-30 12:54:05 +02:00
Andrea Cardaci
4c3c73a4b6 Add variables to nl 2018-05-30 12:45:42 +02:00
Andrea Cardaci
fa60f30f5a Remove suid-limited as it is superseded by suid-enabled 2018-05-30 12:26:29 +02:00
Andrea Cardaci
6563f19914 Remove xargs file-read as it relies on an external program 2018-05-30 11:53:20 +02:00
Andrea Cardaci
d3b3c390a4 Simplify xargs invocation 2018-05-30 11:53:20 +02:00
Dov Murik
d1906b7fdd Add unshare 2018-05-30 08:17:06 +00:00
Dov Murik
ca91885fce Add nl 2018-05-30 07:56:12 +00:00
Dov Murik
bbbff04e55 xargs: add file-read 2018-05-30 07:45:32 +00:00
Dov Murik
eb1ada7a62 Add xargs 2018-05-30 07:36:30 +00:00
Andrea Cardaci
1a739b4550 Add tar file-write 2018-05-30 00:46:04 +02:00
Andrea Cardaci
c634e3898f Fix pico execution functions as they require a file to work on 2018-05-29 20:43:54 +02:00
Andrea Cardaci
d665a38758 Fix nano execution functions as they require a file to work on 2018-05-29 20:41:55 +02:00
Emilio Pinna
4fbd4d3ab7 Add mail 2018-05-29 19:35:40 +01:00
Andrea Cardaci
5e0da38a4a Improve gdb link text 2018-05-29 19:47:51 +02:00
Emilio Pinna
d8c9db3561 Add nano and pico 2018-05-29 18:23:33 +01:00
Andrea Cardaci
481cd24a84 Fix ssh file-read 2018-05-29 17:11:36 +02:00
Paul Taylor
765d2d1aa4 Add file-read to ssh 2018-05-29 14:43:57 +02:00
Emilio Pinna
b457967d07 Add ksh 2018-05-28 21:07:51 +01:00
Andrea Cardaci
8f1d537d19 Add a note about python in gdb 2018-05-28 21:55:44 +02:00
Emilio Pinna
0834533edd Add dd 2018-05-28 20:35:35 +01:00
Andrea Cardaci
41e62d689a Add gdb file-write 2018-05-28 21:29:34 +02:00
Andrea Cardaci
1a46497ae9 Remove useless empty line 2018-05-28 20:17:13 +02:00
Andrea Cardaci
809975ce4c Add awk file-read/write 2018-05-28 20:12:44 +02:00
Andrea Cardaci
898e6cd656 Add file-write to bash 2018-05-28 20:12:44 +02:00
Andrea Cardaci
640956451b Avoid variable in bash file-read 2018-05-28 20:12:44 +02:00
Andrea Cardaci
004b4bf828 Fix trailing spaces 2018-05-28 20:12:44 +02:00
Andrea Cardaci
89985be143 Disallow backslashes in bash file-read 2018-05-28 20:12:44 +02:00
Emilio Pinna
c3710d7396 Add read-write to less, man, more, and vi 2018-05-28 20:12:44 +02:00
Emilio Pinna
ee57eeba90 Add read and write to python and ruby 2018-05-28 20:12:44 +02:00
Emilio Pinna
66b617c955 Add read/write for ash, bash, csh, dash, ed, and emacs 2018-05-28 20:12:44 +02:00
Andrea Cardaci
358628c2f2 Remove hardcoded instances of bash 2018-05-28 17:48:26 +02:00
Emilio Pinna
8185fca039 Fix watch sudo code 2018-05-27 18:31:52 +01:00
Emilio Pinna
614954c0d3 Fix watch sudo code 2018-05-27 18:31:27 +01:00
Emilio Pinna
35bd51047a Rephrase watch description 2018-05-27 18:28:51 +01:00
Emilio Pinna
39e2d3335c Add watch 2018-05-27 18:17:14 +01:00
Emilio Pinna
b06bb08f96 Fix description 2018-05-25 18:57:26 +01:00
Andrea Cardaci
36dcf7a836 Reorganize function names 2018-05-25 15:30:02 +02:00
Andrea Cardaci
2d3ebbbb05 Use the id command for non-interactive examples 2018-05-25 14:11:36 +02:00
Andrea Cardaci
0047d8bfb7 Add sudo and suid to php 2018-05-25 14:07:26 +02:00
Andrea Cardaci
4ea28f8c48 Use getenv instead of $_ENV in php as it is configuration-dependent 2018-05-25 11:19:13 +02:00
Andrea Cardaci
91c233f773 Make Emacs treat _gtfobins Markdown files like YAML 2018-05-25 02:16:18 +02:00
Andrea Cardaci
f0d72ff530 Fix trailing spaces 2018-05-25 01:10:39 +02:00
Andrea Cardaci
da0b49a840 Coherence in tar code 2018-05-25 01:03:51 +02:00
Andrea Cardaci
e885d4a6ee Remove the -p option from suid-limited
It is useless because:
- if Debian-like, it is not supported and does not drop anyway;
- otherwise the `system()`-like function already used a shell that dropped the
  privileges.
2018-05-25 00:57:42 +02:00
Andrea Cardaci
84f48081fb Remove the -p option from sudo-enabled (typo) 2018-05-25 00:51:49 +02:00
Andrea Cardaci
d7344a5230 Explicitly use the python2 command 2018-05-25 00:49:25 +02:00
Andrea Cardaci
dd04e1630a Remove unsupported dash functions 2018-05-25 00:28:16 +02:00
Andrea Cardaci
f0a22c23d3 Fix bash download script 2018-05-25 00:23:02 +02:00
Emilio Pinna
a442b4cf34 Wrap dash commands 2018-05-24 22:43:04 +01:00
Emilio Pinna
fda972eeaa Wrapping bash commands 2018-05-24 22:40:36 +01:00
Emilio Pinna
c6441d33ef Add dash 2018-05-24 21:47:10 +01:00
Emilio Pinna
a3867ccf28 Add ash command 2018-05-24 21:26:30 +01:00
Emilio Pinna
fba68a0259 Add wish non-interactive reverse shell 2018-05-24 21:10:43 +01:00
Emilio Pinna
feb07b18fb Rephrase network functions descriptions 2018-05-24 21:05:11 +01:00
Emilio Pinna
b857c98f92 Use target.com and attacker.com 2018-05-24 21:05:11 +01:00
Andrea Cardaci
414ee88fd8 Add node bind shell 2018-05-24 00:50:05 +02:00
Andrea Cardaci
ac79267e7e Simplify node reverse shell 2018-05-24 00:50:05 +02:00
Andrea Cardaci
6e2242d3f1 Fix node code style 2018-05-24 00:50:05 +02:00
Emilio Pinna
4e61de337a Add socat bind-shell 2018-05-23 20:55:36 +01:00
Emilio Pinna
af346441f2 Add node suid, sudo, and interactive 2018-05-23 20:17:43 +01:00
Emilio Pinna
48787a0e8e Add node reverse-shell 2018-05-23 19:47:50 +01:00
Andrea Cardaci
344209b99c Add missing sudo to setarch 2018-05-23 11:34:47 +02:00
Emilio Pinna
0a5168dc9a Replace default port number with 12345 2018-05-23 08:08:13 +01:00
Emilio Pinna
793cd12812 Introduce non-interactive reverse and bind shells 2018-05-23 08:06:50 +01:00
Andrea Cardaci
19710192c3 Truncate long lines in awk 2018-05-23 00:36:17 +02:00
Andrea Cardaci
4303bf854b Use the same IP for examples 2018-05-23 00:29:51 +02:00
Andrea Cardaci
dc9f4ff42c Add awk bind shell 2018-05-23 00:26:26 +02:00
Andrea Cardaci
f2be339850 Fix awk reverse shell 2018-05-23 00:21:55 +02:00
Emilio Pinna
c428d20365 Standardize awk reverse-shell 2018-05-22 23:03:37 +01:00
Andrea Cardaci
126f779732 Add awk reverse shell 2018-05-22 23:55:44 +02:00
Emilio Pinna
5f5598b1c3 Add tclsh reverse shell description 2018-05-22 22:07:10 +01:00
Emilio Pinna
24a7c20324 Add tclsh reverse shell 2018-05-22 22:04:46 +01:00
Emilio Pinna
43b68e46b1 Add socat 2018-05-22 21:40:27 +01:00
Emilio Pinna
ac29dc064d Fix telnet descriptions 2018-05-22 21:26:17 +01:00
Emilio Pinna
158291baa4 Add missing descriptions 2018-05-22 21:22:20 +01:00
Emilio Pinna
8f992a27f1 Add descriptions to python2 and python3 2018-05-22 21:18:06 +01:00
Emilio Pinna
d9612ec461 Rephrase bash 2018-05-22 21:17:51 +01:00
Emilio Pinna
e3d9c03c96 Add PHP reverse-shell description 2018-05-22 19:23:05 +01:00
Emilio Pinna
6a075ebeeb Add perl reverse-shell description 2018-05-22 19:21:16 +01:00
Emilio Pinna
1e34daccee Remove alternative bash reverse-shell 2018-05-22 19:10:17 +01:00
Emilio Pinna
028a202891 Add another bash reverse shell 2018-05-22 19:03:44 +01:00
Emilio Pinna
fad8425624 Add nc and bash other end commands 2018-05-22 18:57:05 +01:00
Andrea Cardaci
2fed778c51 Improve the description of ld.so 2018-05-22 12:40:35 +02:00
Andrea Cardaci
67a480ccce Add sftp 2018-05-22 11:58:12 +02:00
Emilio Pinna
b81e57005a First commit 2018-05-21 20:14:41 +01:00