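#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# Made by AGS on 24/06/19
"""Audit helper: report which locally available commands are listed on GTFOBins.

Reference: https://gtfobins.github.io/#

Modes:
    0  Read the available commands from the standard binary directories.
       Usage example:
           python3 gtfobins_checker.py 0
    1  Read the available commands from a file (one command name per line).
       Usage example:
           python3 gtfobins_checker.py 1 list_function.txt

How to read the output:
    * A match only means a binary with that name exists. It becomes a
      privilege-escalation concern when the binary can run with elevated
      rights (sudo rule, setuid/setgid bit, file capabilities), so each
      match is a lead to review, not a finding.
    * Matching is on the exact name, so versioned names such as "python3"
      are not reported by the "python" entry.
    * The list below is a hard-coded snapshot and is not refreshed from the
      website; entries added there since will be missed.
"""
import os
import sys

# Command names taken from gtfobins.github.io (snapshot, see module docstring).
lst_cmd_gtfobin = [
    "apt-get", "apt", "aria2c", "arp", "ash", "awk", "base64", "bash",
    "busybox", "cancel", "cat", "chmod", "chown", "cpan", "cp", "cpulimit",
    "crontab", "csh", "curl", "cut", "dash", "date", "dd", "diff", "dmesg",
    "dmsetup", "dnf", "docker", "dpkg", "easy_install", "ed", "emacs", "env",
    "expand", "expect", "facter", "file", "find", "finger", "flock", "fmt",
    "fold", "ftp", "gdb", "gimp", "git", "grep", "head", "ionice", "ip",
    "irb", "jjs", "journalctl", "jq", "jrunscript", "ksh", "ld", "less",
    "logsave", "ltrace", "lua", "mail", "make", "man", "more", "mount", "mtr",
    "mv", "mysql", "nano", "nc", "nice", "nl", "nmap", "node", "od",
    "openssl", "perl", "pg", "php", "pic", "pico", "pip", "puppet", "python",
    "readelf", "red", "rlogin", "rlwrap", "rpm", "rpmquery", "rsync", "ruby",
    "run-mailcap", "run-parts", "rvim", "scp", "screen", "script", "sed",
    "service", "setarch", "sftp", "shuf", "smbclient", "socat", "sort",
    "sqlite3", "ssh", "start-stop-daemon", "stdbuf", "strace", "systemctl",
    "tail", "tar", "taskset", "tclsh", "tcpdump", "tee", "telnet", "tftp",
    "time", "timeout", "tmux", "ul", "unexpand", "uniq", "unshare", "vi",
    "vim", "watch", "wget", "whois", "wish", "xargs", "xxd", "yum", "zip",
    "zsh", "zypper",
]

# Directories scanned in mode 0. All paths are absolute: the original listed
# 'usr/sbin' and 'usr/local/bin' without the leading slash, which made the
# result depend on the current working directory.
_SEARCH_DIRS = ("/bin", "/sbin", "/usr/bin", "/usr/sbin", "/usr/local/bin")


def _usage(program):
    """Print the command-line synopsis for *program*."""
    print("Usage: ./" + str(program) + " MODE [FILE]")


def _commands_from_dirs(directories):
    """Return the entry names found in *directories*.

    Directories are listed in-process instead of parsing `ls` output, so the
    result holds file names only and does not depend on which `ls` is first
    on PATH. A directory that cannot be listed is reported on stderr and
    skipped.
    """
    names = []
    for directory in directories:
        try:
            names.extend(os.listdir(directory))
        except OSError as err:
            print("Skipping " + directory + ": " + str(err), file=sys.stderr)
    return names


def _commands_from_file(path):
    """Return the command names stored one per line in the file at *path*.

    The lines are only compared against the GTFOBins list; nothing read from
    the file is executed.
    """
    with open(path, "r") as handle:
        return [line.rstrip() for line in handle]


def _gtfobins_matches(commands):
    """Return the sorted, de-duplicated names from *commands* that are listed."""
    known = frozenset(lst_cmd_gtfobin)
    return [name for name in sorted(set(commands)) if name in known]


def check_gtfobins(argv):
    """Run the checker for the argument vector *argv*.

    Args:
        argv: Program name followed by MODE ("0" or "1") and, for mode 1,
            the path of the file holding the command names.

    Returns:
        0 after a completed run, 1 when the arguments are missing or the
        mode is unknown (the usage line is printed in that case).
    """
    if len(argv) < 2:
        _usage(argv[0] if argv else "gtfobins_checker.py")
        return 1

    mode = str(argv[1])
    if mode == "0":
        print("mode Zero")
        # Get the commands available on this host.
        available = _commands_from_dirs(_SEARCH_DIRS)
    elif mode == "1":
        if len(argv) < 3:
            # Mode 1 is meaningless without the input file.
            _usage(argv[0])
            return 1
        print("Mode 1")
        available = _commands_from_file(str(argv[2]))
    else:
        _usage(argv[0])
        return 1

    for lcl_cmd in _gtfobins_matches(available):
        print("It's a match: " + str(lcl_cmd))
    return 0


if __name__ == "__main__":
    sys.exit(check_gtfobins(sys.argv))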