2018-07-16 13:01:50 +00:00
|
|
|
---
|
2018-05-25 13:30:02 +00:00
|
|
|
execute-interactive:
|
|
|
|
|
label: Interactive execute
|
2018-06-01 10:40:05 +00:00
|
|
|
description: |
|
|
|
|
|
It executes interactive commands that may be used to break out from
|
|
|
|
|
restricted shells.
|
2018-05-21 19:14:41 +00:00
|
|
|
|
2018-05-25 13:30:02 +00:00
|
|
|
execute-non-interactive:
|
|
|
|
|
label: Non-interactive execute
|
2018-06-01 10:40:05 +00:00
|
|
|
description: |
|
|
|
|
|
It executes non-interactive commands that may be used to break out from
|
|
|
|
|
restricted shells.
|
2018-05-21 19:14:41 +00:00
|
|
|
|
2018-08-24 12:46:43 +00:00
|
|
|
reverse-shell-interactive:
|
|
|
|
|
label: Interactive reverse shell
|
2018-06-01 10:40:05 +00:00
|
|
|
description: |
|
2018-08-24 12:46:43 +00:00
|
|
|
It can send back a reverse shell to a listening attacker to open a remote
|
|
|
|
|
network access.
|
2018-05-21 19:14:41 +00:00
|
|
|
|
2018-08-24 12:46:43 +00:00
|
|
|
reverse-shell-non-interactive:
|
|
|
|
|
label: Non-interactive reverse shell
|
2018-06-01 10:40:05 +00:00
|
|
|
description: |
|
2018-08-24 12:46:43 +00:00
|
|
|
It can send back a non-interactive reverse shell to a listening attacker to
|
|
|
|
|
open a remote network access.
|
2018-05-21 19:14:41 +00:00
|
|
|
|
2018-08-24 12:46:43 +00:00
|
|
|
bind-shell-interactive:
|
|
|
|
|
label: Interactive bind shell
|
2018-06-01 10:40:05 +00:00
|
|
|
description: |
|
2018-08-24 12:46:43 +00:00
|
|
|
It can bind a shell to a local port to allow remote network access.
|
2018-05-21 19:14:41 +00:00
|
|
|
|
2018-08-24 12:46:43 +00:00
|
|
|
bind-shell-non-interactive:
|
|
|
|
|
label: Non-interactive bind shell
|
2018-06-01 10:40:05 +00:00
|
|
|
description: |
|
2018-08-24 12:46:43 +00:00
|
|
|
It can bind a non-interactive shell to a local port to allow remote network
|
|
|
|
|
access.
|
2018-05-21 19:14:41 +00:00
|
|
|
|
|
|
|
|
upload:
|
|
|
|
|
label: Upload
|
2018-06-01 10:40:05 +00:00
|
|
|
description: |
|
|
|
|
|
It can exfiltrate files on the network.
|
2018-05-21 19:14:41 +00:00
|
|
|
|
2018-08-24 12:46:43 +00:00
|
|
|
download:
|
|
|
|
|
label: Download
|
2018-06-01 10:40:05 +00:00
|
|
|
description: |
|
2018-08-24 12:46:43 +00:00
|
|
|
It can download remote files.
|
2018-05-21 19:14:41 +00:00
|
|
|
|
2018-08-24 12:46:43 +00:00
|
|
|
file-write:
|
|
|
|
|
label: File write
|
2018-06-01 10:40:05 +00:00
|
|
|
description: |
|
2018-08-24 12:46:43 +00:00
|
|
|
It writes data to files, it may be used to do privileged writes or write
|
|
|
|
|
files outside a restricted file system.
|
2018-05-23 07:06:50 +00:00
|
|
|
|
2018-08-24 12:46:43 +00:00
|
|
|
file-read:
|
|
|
|
|
label: File read
|
2018-06-01 10:40:05 +00:00
|
|
|
description: |
|
2018-08-24 12:46:43 +00:00
|
|
|
It reads data from files, it may be used to do privileged reads or disclose
|
|
|
|
|
files outside a restricted file system.
|
2018-05-25 13:30:02 +00:00
|
|
|
|
|
|
|
|
load-library:
|
|
|
|
|
label: Library load
|
2018-06-01 10:40:05 +00:00
|
|
|
description: |
|
|
|
|
|
It loads shared libraries that may be used to run code in the binary
|
|
|
|
|
execution context.
|
2018-05-28 17:08:53 +00:00
|
|
|
|
2018-08-24 12:46:43 +00:00
|
|
|
suid-enabled:
|
|
|
|
|
label: SUID
|
2018-06-01 10:40:05 +00:00
|
|
|
description: |
|
2018-08-24 12:46:43 +00:00
|
|
|
It runs with the SUID bit set and may be exploited to access the file
|
|
|
|
|
system, escalate or maintain access with elevated privileges working as a
|
2018-08-24 13:34:09 +00:00
|
|
|
SUID backdoor. If it is used to run `sh -p`, omit the `-p` argument on systems
|
|
|
|
|
like Debian that allow the default `sh` shell to run with SUID privileges.
|
2018-05-28 17:55:44 +00:00
|
|
|
|
2018-08-24 12:46:43 +00:00
|
|
|
sudo-enabled:
|
|
|
|
|
label: Sudo
|
2018-06-01 10:40:05 +00:00
|
|
|
description: |
|
2018-08-24 12:46:43 +00:00
|
|
|
It runs in privileged context and may be used to access the file system,
|
|
|
|
|
escalate or maintain access with elevated privileges if enabled on `sudo`.
|
|
|
|
|
|
2018-09-12 20:56:42 +00:00
|
|
|
capabilities-enabled:
|
|
|
|
|
label: Capabilities
|
|
|
|
|
description: |
|
|
|
|
|
It can manipulate its process UID and in Linux systems it can be set with the
|
|
|
|
|
`CAP_SETUID` capability to make it work as a backdoor to maintain elevated privileges.
|
|
|
|
|
This also works if the binary is invoked by another binary with the capability set.
|
|
|
|
|
|
2018-08-24 12:46:43 +00:00
|
|
|
suid-limited:
|
|
|
|
|
label: Limited SUID
|
|
|
|
|
description: |
|
|
|
|
|
It runs with the SUID bit set and may be exploited to access the file
|
|
|
|
|
system, escalate or maintain access with elevated privileges working as a
|
2018-08-24 13:34:09 +00:00
|
|
|
SUID backdoor. If it is used to run commands it only works on systems
|
|
|
|
|
like Debian that allow the default `sh` shell to run with SUID privileges.
|
