452 Commits

Author SHA1 Message Date
Andrea Cardaci
3361f8a51d Fix and document genisoimage
The SUID function has been removed as it appears to drop privileges (at least on
Debian).
2020-03-15 13:20:45 +01:00
bcoles
d2bbf8b8c9 Create genisoimage.md 2020-03-15 13:20:45 +01:00
bcoles
da60e6e253 Create ksshell.md 2020-03-15 13:11:37 +01:00
bcoles
bbb7db7d63 Create crash.md 2020-03-15 13:10:31 +01:00
Andrea Cardaci
2e6fa047e9 Improve and document dmesg file read 2020-03-15 12:51:02 +01:00
bcoles
32887085bf Update dmesg.md 2020-03-15 12:51:02 +01:00
Andrea Cardaci
041cb2fb7b Link back python from pdb 2020-03-15 12:35:00 +01:00
Andrea Cardaci
1342a7b981 Avoid temp directory in pdb 2020-03-15 12:35:00 +01:00
bcoles
41124f24c2 Create pdb.md 2020-03-15 12:35:00 +01:00
Emilio Pinna
3e6ac9bcf3 Add uudecode 2020-03-15 11:25:35 +00:00
bcoles
d27860b2df Create chroot.md 2020-03-15 12:24:03 +01:00
Andrea Cardaci
8b41830d0b Add (suid) shell for nohup 2020-03-15 12:18:08 +01:00
Andrea Cardaci
8eaeb29c18 Remove export from nohup 2020-03-15 12:18:08 +01:00
bcoles
dfbe9e8bef Create nohup.md 2020-03-15 12:18:08 +01:00
Andrea Cardaci
256794389d Use latin-1 as encoding for iconv 2020-03-15 12:05:17 +01:00
Andrea Cardaci
aca4fbe67b Fix iconv bin name 2020-03-15 12:05:17 +01:00
bcoles
7aa5510f29 Create iconv.md 2020-03-15 12:05:17 +01:00
bcoles
5bde37ec38 Create uuencode.md (#92) 2020-03-15 10:46:04 +00:00
bcoles
fa2f04ba4d Create base32.md (#90)
Thanks!
2020-03-15 10:44:26 +00:00
Andrea Cardaci
eb37b4ae29 Add another bundler shell example
Related to #88.
2020-03-14 13:20:54 +01:00
bcoles
3104f1d971 Create bundler.md 2020-03-14 13:17:09 +01:00
Andrea Cardaci
0bd4ab2b27 Use rdoc instead of json in gem 2020-03-14 13:08:13 +01:00
Andrea Cardaci
7e12bf7799 Clarify that man uses the default pager 2020-03-14 12:58:28 +01:00
Andrea Cardaci
ddd6c2e304 Fix typo in gem 2020-03-14 12:56:21 +01:00
Andrea Cardaci
48892aad60 Improve and document yelp 2020-03-14 12:45:57 +01:00
Dhiraj Mishra
8f797d3d19 Create yelp.md 2020-03-14 12:45:57 +01:00
Andrea Cardaci
dfb01a4c3b Simplify gcc shell 2020-03-14 12:20:07 +01:00
bcoles
dec4a7f928 Create gcc.md 2020-03-14 12:20:07 +01:00
bcoles
0adf67ca2f Create gem.md 2020-03-14 11:56:23 +01:00
bcoles
b94b01477c Create cobc.md 2020-03-14 11:53:05 +01:00
Andrea Cardaci
d8a1e55782 Add look 2020-03-11 12:21:03 +01:00
Andrea Cardaci
1b4e4ab15e Add eb 2020-03-04 20:24:29 +01:00
Emanuel Duss
b19420d1fd Added file -f for reading files 2020-02-09 11:44:34 +01:00
Andrea Cardaci
236f88cd34 Fix and clarify sudo for top
Related #81.
2020-01-28 22:33:55 +01:00
Andrea Cardaci
51d7b541dc Add shell and sudo for top
This closes #81.

Thanks to Chris McCoy (https://github.com/chris-mccoy) for the idea.
2020-01-28 22:18:36 +01:00
Mr. Robot
304e338c2f Add macOS file read for fmt 2020-01-08 15:50:13 +01:00
Mr. Robot
4c3636900c fix typo in shell name 2020-01-08 00:49:11 +01:00
Andrea Cardaci
1f9dbbf6eb Improve bpftrace sudo shell 2020-01-03 14:11:37 +01:00
Andrea Cardaci
6b4c7c12c9 Add bpftrace sudo shell 2020-01-03 14:02:32 +01:00
Emilio
a9c3dc58fa Fix sudo script 2019-12-31 16:46:25 +01:00
Andrea Cardaci
15b465d937 Add git hooks shell
Closes #77 as it provides a working example and a possibly better hook. Thanks
to jivex5k <wgehalo@gmail.com> for the initial proposal.
2019-12-18 14:38:35 +01:00
Andrea Cardaci
740fa3a44f Reword screen and use echo instead of tail with user interaction
Based on an example provided by #76.
2019-12-04 02:25:49 +01:00
Andrea Cardaci
15a2bbafe5 Add bash library-load 2019-11-29 13:49:37 +01:00
Tobias
09fdfe5f5d Adding sub commands sudo for git 2019-10-25 14:19:18 +02:00
Roman Mueller
3a0179306c Add file-download and file-upload to tar 2019-10-01 13:16:50 +02:00
Syed Umar Arfeen
26ea00d78a Add iftop 2019-09-28 11:41:05 +02:00
Syed Umar Arfeen
c37da57373 Providing user as argument using -Z
For certain distributions running tcpdump without providing -Z (user) argument
causes the provided command to be executed as the `tcpdump` user which has low
privileges by default.
2019-09-23 04:04:05 +02:00
Andrea Cardaci
47f4fb064c Add note about AppArmor in tcpdump 2019-09-22 12:01:15 +02:00
Andrea Cardaci
b5444fba6e Remove network shell functions from mawk as not supported 2019-08-30 15:48:07 +02:00
AlessandroZ
977232c45c adding gawk, nawk, mawk 2019-08-30 15:40:42 +02:00
Andrea Cardaci
391d436fc5 Add ldconfig
Close #68.
2019-08-14 13:14:57 +02:00
Emilio
f68a3ce009 Fix rvim file-write description 2019-08-07 08:39:28 +01:00
Andrea Cardaci
e969daf111 Reword file upload/download descriptions 2019-07-29 16:41:49 +02:00
Andrea Cardaci
a7798bcfe2 Add alternative nmap file upload/download
Close #67.
2019-07-29 16:32:49 +02:00
Andrea Cardaci
205e922b9b Fix Markdown line break 2019-07-29 15:17:37 +02:00
Léo Meira Vital
bd1d10bd03 Updating git sudo to not drop capabilities
Close #66
2019-07-09 20:55:47 +02:00
Miles Whittaker
aa08187718 Add systemctl example using SYSTEMD_EDITOR
Close #65.
2019-07-02 18:14:29 +02:00
Andrea Cardaci
ce031a0d95 Allow to create new containers in docker file read and write 2019-07-02 16:15:39 +02:00
Andrea Cardaci
01f6117248 Improve and generalize docker file read and write 2019-07-02 16:11:15 +02:00
Dominic Breuker
dcbf66329a Add file read and write as per #64 (temporary solution) 2019-07-02 15:53:28 +02:00
Andrea Cardaci
40ecb11b2e Simplify the docker example by using chroot
Also make it available for non-root users.

The previous SUID example had the problem that the loaders between host and
containers must match, for example, copying `sh` from alpine to debian doesn't
directly work.
2019-07-02 15:47:29 +02:00
Andrea Cardaci
f4a3fc9af3 Add notice about Git sudo capabilities 2019-06-23 17:24:38 +02:00
Syed Umar Arfeen
b8493f916d Increase the probability that the pager is called by Git
`git help config` produces a much longer output, hopefully longer than the
terminal window.

Close #62
2019-06-23 17:17:59 +02:00
Andrea Cardaci
ac68a5864a Update SUID in nano and pico 2019-04-16 19:11:31 +02:00
Andrea Cardaci
f7baa8aee6 Fix sed quotes 2019-04-16 15:50:36 +02:00
Andrea Cardaci
f088906051 Fix sed file write 2019-04-16 15:49:49 +02:00
Rich Mirch
f79b10a5f8 Add systemctl sudo shell using pager 2019-04-16 15:41:32 +02:00
Rich Mirch
20607b9b3c Add sed shell alternative example 2019-04-16 15:37:14 +02:00
Andrea Cardaci
3bc83dcbde Add alternative file read and write to less 2019-04-08 11:26:10 +02:00
Rich Mirch
3702ec4d53 Update sudo yum by loading a custom plugin (#58) 2019-04-06 21:51:33 +01:00
Emilio
b9a262c600 Fix nano shell, suid, and sudo 2019-03-31 12:44:50 +01:00
Emilio
c20ccf4af2 Fix pico shell, suid, and sudo 2019-03-31 12:43:08 +01:00
Emilio
75eff93c50 Improve pico shell, suid, and sudo 2019-03-31 12:19:11 +01:00
Emilio
260b024c74 Add tmux 2019-03-31 11:03:55 +01:00
Emilio
08f5b33651 Add functions with default pager in git 2019-03-31 11:03:34 +01:00
Andrea Cardaci
336abc79bb Add service shell 2019-03-25 19:54:58 +01:00
Andrea Cardaci
13ab3596bb Add MySQL library-load 2019-03-25 19:40:48 +01:00
Emilio
73b18859d5 Add screen 2019-03-12 17:44:03 +00:00
S. Sauvin
383db60b02 Update ip with sudo and SUID (#56)
* Update ip with sudo and SUID
2019-03-12 11:51:10 +00:00
Emilio
fec4b52281 Add smbclient upload and download 2019-03-10 19:08:17 +00:00
Andrea Cardaci
58e517563c Add suid/sudo accordingly to openssl 2019-03-06 14:08:42 +01:00
Andrea Cardaci
60af774288 Add -no_ign_eof to exit nicely when possible to openssl 2019-03-06 13:54:16 +01:00
Andrea Cardaci
e1a02558ec Refactor openssl descriptions 2019-03-06 13:53:52 +01:00
Roman Mueller
cdb4576c85 Add reverse-shell, file-upload and file-download. 2019-03-05 09:37:52 +01:00
the-remmer
8c03983ab8 Add zypper
Close #52.
2019-02-22 12:51:30 +01:00
Jonathan Siegel
dd9f4269ed Add the GNU version of mail
Close #54.
2019-02-19 11:27:35 +01:00
Emilio Pinna
2650be9c68 Add new shell and sudo payload to nano
Thanks to https://twitter.com/TheKnapsy/status/1093137518780854273.
2019-02-15 20:10:32 +00:00
brian
3bd955e8cc Use os.execute instead of posix.exec in rpm
From rpm versions 4.9.0 and on, posix.exec() will return an error unless called
from a child process created with posix.fork(). os.execute() may be used
instead.

This change is documented in these two resources:

- http://rpm.org/user_doc/lua.html
- https://rpm-packaging-guide.github.io/

Close #53.
2019-02-14 12:32:18 +01:00
Emilio
52a2f4cdc7 Add Lua payloads to rvim 2019-02-03 10:21:45 +00:00
Emilio
d111e78b45 Add Lua payloads to vim 2019-02-03 10:15:53 +00:00
Emilio
9dc5fa2128 Add dnf thanks to https://lsdsecurity.com/2019/01/linux-privilege-escalation-using-apt-get-apt-dpkg-to-abuse-sudo-nopasswd-misconfiguration/ as in #51 2019-02-02 16:15:49 +00:00
Emilio
a0674eb8f0 Add other sudo to rpm thanks to https://lsdsecurity.com/2019/01/linux-privilege-escalation-using-apt-get-apt-dpkg-to-abuse-sudo-nopasswd-misconfiguration/ as in #51 2019-02-02 15:54:57 +00:00
Emilio
b330297943 Add yum thanks to https://lsdsecurity.com/2019/01/linux-privilege-escalation-using-apt-get-apt-dpkg-to-abuse-sudo-nopasswd-misconfiguration/ as in #51 2019-02-02 15:46:01 +00:00
Emilio
7a3ae6e05a Add dpkg thanks to https://lsdsecurity.com/2019/01/linux-privilege-escalation-using-apt-get-apt-dpkg-to-abuse-sudo-nopasswd-misconfiguration/ as in #51 2019-02-02 15:13:28 +00:00
Emilio
3166a321c0 Add script 2019-02-02 10:02:14 +00:00
Emilio Pinna
fc59ef546f Add arp and mtr. Thanks to https://twitter.com/insecurity_ltd/status/1087727178295529473 2019-01-30 23:07:40 +00:00
Andrea Cardaci
d0464d7ce8 Drop useless echo indentation 2019-01-29 14:25:16 +01:00
bstapes
a2886b643d Add systemctl 2019-01-29 14:12:29 +01:00
Andrea Cardaci
0109792b7e Clarify bash reverse shell 2019-01-25 16:41:15 +01:00
in.security
3a53c6339e Add ip 2019-01-25 16:40:42 +01:00