63 lines
2.7 KiB
YAML
63 lines
2.7 KiB
YAML
---
|
|
# this is the rendering order of functions
|
|
|
|
shell:
|
|
label: Shell
|
|
description: It can be used to break out from restricted environments by spawning an interactive system shell.
|
|
|
|
command:
|
|
label: Command
|
|
description: It can be used to break out from restricted environments by running non-interactive system commands.
|
|
|
|
reverse-shell:
|
|
label: Reverse shell
|
|
description: It can send back a reverse shell to a listening attacker to open a remote network access.
|
|
|
|
non-interactive-reverse-shell:
|
|
label: Non-interactive reverse shell
|
|
description: It can send back a non-interactive reverse shell to a listening attacker to open a remote network access.
|
|
|
|
bind-shell:
|
|
label: Bind shell
|
|
description: It can bind a shell to a local port to allow remote network access.
|
|
|
|
non-interactive-bind-shell:
|
|
label: Non-interactive bind shell
|
|
description: It can bind a non-interactive shell to a local port to allow remote network access.
|
|
|
|
file-upload:
|
|
label: File upload
|
|
description: It can exfiltrate files on the network.
|
|
|
|
file-download:
|
|
label: File download
|
|
description: It can download remote files.
|
|
|
|
file-write:
|
|
label: File write
|
|
description: It writes data to files, it may be used to do privileged writes or write files outside a restricted file system.
|
|
|
|
file-read:
|
|
label: File read
|
|
description: It reads data from files, it may be used to do privileged reads or disclose files outside a restricted file system.
|
|
|
|
library-load:
|
|
label: Library load
|
|
description: It loads shared libraries that may be used to run code in the binary execution context.
|
|
|
|
suid:
|
|
label: SUID
|
|
description: It runs with the SUID bit set and may be exploited to access the file system, escalate or maintain access with elevated privileges working as a SUID backdoor. If it is used to run `sh -p`, omit the `-p` argument on systems like Debian (<= Stretch) that allow the default `sh` shell to run with SUID privileges.
|
|
|
|
sudo:
|
|
label: Sudo
|
|
description: It runs in privileged context and may be used to access the file system, escalate or maintain access with elevated privileges if enabled on `sudo`.
|
|
|
|
capabilities:
|
|
label: Capabilities
|
|
description: It can manipulate its process UID and can be used on Linux as a backdoor to maintain elevated privileges with the `CAP_SETUID` capability set. This also works when executed by another binary with the capability set.
|
|
|
|
limited-suid:
|
|
label: Limited SUID
|
|
description: It runs with the SUID bit set and may be exploited to access the file system, escalate or maintain access with elevated privileges working as a SUID backdoor. If it is used to run commands it only works on systems like Debian (<= Stretch) that allow the default `sh` shell to run with SUID privileges.
|