egre55
86e249e812
Add start-stop-daemon
2018-11-05 16:34:57 +01:00
Andrea Cardaci
ae79cfa550
Add limited suid to pic
...
Related to #28 .
2018-11-02 23:47:20 +01:00
egre55
0b62b20891
Add pic
2018-11-02 23:45:58 +01:00
Andrea Cardaci
3cd9494b9b
Remove limited-suid from man
2018-10-23 13:55:21 +02:00
Andrea Cardaci
0c8a06246b
Add --to-command interactive shell to tar
...
Close #27
2018-10-21 12:13:17 +02:00
Andrea Cardaci
a7818d5f16
Promote tar command to interactive shell
2018-10-21 12:13:17 +02:00
Emilio Pinna
fdda727eb1
Add jjs
2018-10-14 21:01:33 +01:00
Emilio Pinna
7ad0233b33
Add description to jrunscript reverse-shell
2018-10-14 21:01:24 +01:00
Emilio Pinna
46e293e444
Describe jrunscript suid limitations
2018-10-13 13:36:24 +01:00
Emilio Pinna
26151d0c44
Add jrunscript
2018-10-12 18:39:39 +01:00
Emilio Pinna
d7d463ee0c
Add missing SUID in gdb
2018-10-08 22:51:52 +01:00
Emilio Pinna
2377be5a55
Fix suid in PHP
2018-10-08 20:56:51 +01:00
Emilio Pinna
f14e511218
Fix python SUID
2018-10-08 20:14:25 +01:00
Emilio Pinna
dd337b5ddf
Adopt new function names
2018-10-05 18:55:38 +01:00
Andrea Cardaci
1dfb03b013
Add description about grep flavors
...
Related to #26 .
2018-10-03 14:44:55 +02:00
Roman Mueller
0bca156294
Add grep
2018-10-03 14:22:27 +02:00
Andrea Cardaci
fbb0ccefa4
Add info about pager in journalctl
...
Close #25 .
2018-10-02 22:52:08 +02:00
Roman Mueller
7d3a6ddd9d
Add journalctl
2018-10-02 22:52:05 +02:00
Emilio Pinna
9514d41a80
Remove capabilities-enabled from pip
2018-09-29 10:54:33 +01:00
Emilio Pinna
a156e10996
Use LFILE in easy_install and pip file-write function
2018-09-29 10:51:00 +01:00
Emilio Pinna
f8dab26569
Rephrase easy_install descriptions
2018-09-29 10:47:19 +01:00
Emilio Pinna
9dc6a93e5b
Add download to easy_install
2018-09-29 10:46:03 +01:00
Emilio Pinna
c2224a6b49
Add easy_install file-write
2018-09-28 17:57:23 +01:00
Emilio Pinna
0e639583d6
Add easy_install
2018-09-27 22:53:55 +01:00
Emilio Pinna
5087fa15ef
Remove pip description
2018-09-27 22:00:56 +01:00
Emilio Pinna
be7f7b87a0
Remove capabilities-enabled and sudo-enabled from pip
2018-09-27 21:54:50 +01:00
Emilio Pinna
1321a330a5
Fix pip setcap
2018-09-27 21:43:28 +01:00
Emilio Pinna
ce111369f3
Try add python payloads to pip
2018-09-27 21:34:49 +01:00
Andrea Cardaci
0db7fe5f32
Fix pip to work in both Linux and macOS
2018-09-27 12:58:29 +02:00
Emilio Pinna
3c59b1c2fc
Add python functions to gdb
2018-09-25 22:44:12 +01:00
Emilio Pinna
12aa95cf2f
Fix pip description
2018-09-25 22:16:12 +01:00
Emilio Pinna
0ec8e7d99d
Fix gdb description
2018-09-25 22:02:25 +01:00
Emilio Pinna
1222c37802
Merge python2 and python3
2018-09-25 21:41:31 +01:00
Emilio Pinna
ebb9fd00be
Fix python3 upload
2018-09-25 20:37:38 +01:00
Emilio Pinna
d3659b5cc6
Fix python2 upload
2018-09-25 20:37:38 +01:00
Andrea Cardaci
689e00461d
Get rid of base64 for curl and wget and make descriptions similar
...
Close #24 .
2018-09-25 19:56:27 +02:00
Roman Mueller
9bac306503
Add history file read/write to bash
...
Close #21 .
2018-09-13 18:51:28 +02:00
Andrea Cardaci
b10791a840
Add download to finger
2018-09-13 15:42:45 +02:00
Andrea Cardaci
2e477b25de
Add the capabilities-enabled function
...
This exploits `setcap` to persist root privileges on Linux.
2018-09-13 14:49:51 +02:00
Andrea Cardaci
aed737131c
Add capabilities to gdb
2018-09-13 14:48:40 +02:00
Emilio Pinna
3125617475
Add finger
2018-09-12 22:35:41 +01:00
Emilio Pinna
7314987800
Add capabilities to node
2018-09-12 22:02:05 +01:00
Emilio Pinna
c7375411b7
Add capabilities to perl, php, python3, and ruby
2018-09-12 21:57:04 +01:00
Emilio Pinna
e72d7e3d19
Reorder functions
2018-09-12 21:56:42 +01:00
Emilio Pinna
1afd9ec9ec
Drafting capabilities
2018-09-12 21:29:53 +01:00
Andrea Cardaci
2e6968e883
Clarify aria2c --allow-overwrite
...
As discussed in #22 .
2018-09-07 13:46:22 +02:00
Andrea Cardaci
e5d5f2e2c6
Clarify tcpdump subprocess
2018-09-07 13:33:30 +02:00
Andrea Cardaci
17c3e974a7
Add a full local version of aria2c and add --allow-overwrite
...
Close #22
2018-09-07 13:30:55 +02:00
HugoDelval
65b762ca80
Add aria2c
...
Taken from https://github.com/InsecurityAsso/inshack-2018/blob/master/web/curler/exploit/exploit
2018-09-07 13:30:10 +02:00
Andrea Cardaci
8eaf595fe6
Make interactive execute whenever possible
...
Here the trick is to restore those file descriptors (0, 1, 2) that have been
redirected (`dup2`) by the parent process.
First we need to determine which one has been redirected, for example by looking
at `ls -l /proc/$$/fd/`. Then we can use `0<&x`, `1>&x` or `2>&x` to restore 0,
1 or 2 respectively, where `x` is any file descriptor number that points to the
TTY.
It may happen that no file descriptor is unchanged, in that case we can use
`tty` to perform the redirection: sh <$(tty) >$(tty) 2>$(tty)
2018-09-07 01:11:06 +02:00