mirror of
https://github.com/GTFOBins/GTFOBins.github.io
synced 2025-01-26 05:22:56 +01:00
47 lines
1.3 KiB
HTML
47 lines
1.3 KiB
HTML
---
|
|
layout: common
|
|
---
|
|
|
|
{% capture bin_name %}{% include get_bin_name path=page.path %}{% endcapture %}
|
|
|
|
{% include page_title.html title=bin_name %}
|
|
|
|
{% include function_list.html bin=page %}
|
|
|
|
{{ page.description | markdownify }}
|
|
|
|
{% for function_pair in site.data.functions %}
|
|
{% assign function_id = function_pair[0] %}
|
|
{% assign function = function_pair[1] %}
|
|
{% assign examples = page.functions[function_id] %}
|
|
{% unless examples %}{% continue %}{% endunless %}
|
|
|
|
<h2 id="{{ function_id }}" class="function-name">{{- function.label -}}</h2>
|
|
{{ function.description | markdownify }}
|
|
|
|
<ul class="examples">
|
|
{% for example in examples %}
|
|
|
|
{% capture code %}
|
|
{%- if function_id == 'suid' or function_id == 'limited-suid' %}
|
|
# This example creates a local SUID copy of the binary and runs it to maintain elevated privileges.
|
|
# To exploit an existing SUID binary instead, skip the following command and run it using its full path.
|
|
sudo sh -c 'cp $(which {{ bin_name }}) .; chmod +s ./{{ bin_name }}'
|
|
{% endif %}
|
|
{%- if function_id == 'capabilities' %}
|
|
cp $(which {{ bin_name }}) .
|
|
sudo setcap cap_setuid+ep {{ bin_name }}
|
|
{% endif %}
|
|
{{ example.code | escape }}
|
|
{% endcapture %}
|
|
|
|
<li>
|
|
{{ example.description | markdownify }}
|
|
<pre><code>{{- code | strip -}}</code></pre>
|
|
</li>
|
|
|
|
{% endfor %}
|
|
</ul>
|
|
|
|
{% endfor %}
|