mirror of
https://github.com/GTFOBins/GTFOBins.github.io.git
synced 2026-03-07 06:31:33 +01:00
22 lines
646 B
Plaintext
22 lines
646 B
Plaintext
---
|
|
comment: |-
|
|
`ld.so` is the Linux dynamic linker/loader, its filename and location might change across distributions (e.g., `/lib64/ld-linux-x86-64.so.2`). The actual path is can be obtained with:
|
|
|
|
```
|
|
strings /proc/self/exe | head -1
|
|
```
|
|
functions:
|
|
shell:
|
|
- code: |-
|
|
/path/to/ld.so /bin/sh
|
|
comment: |-
|
|
The spawned process will be the loader, not the target executable, this might aid evasion. See <https://shyft.us/posts/20230526_linux_command_proxy.html> for more information.
|
|
contexts:
|
|
sudo:
|
|
suid:
|
|
code: |-
|
|
/path/to/ld.so /bin/sh -p
|
|
shell: false
|
|
unprivileged:
|
|
...
|