search

GTFOBins / GTFOBins.github.io

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
https://gtfobins.github.io
GNU General Public License v3.0
10.85k stars 1.33k forks source link

Add tr #431

Closed takitakitanana closed 10 months ago

takitakitanana commented 10 months ago

Hello,

Here's an alternative approach for reading files, utilizing shell builtin commands along with the tr binary. It's useful in scenarios where common file-reading utilities like cat might be restricted or monitored.

The read file approach is binary-safe. The use of a subshell is needed to avoid shutting down the main interactive shell when exec is done.

Proof of Concept:

Screenshot 2023-12-18 at 19 04 32

This submission builds on the previous PR #430 . I've taken the feedback and made tweaks for a better fit.

Thank you, taki

cyrus-and commented 10 months ago

I'm sorry, but this is not right. In this case is the shell that performs the fire read, not tr, in fact sudo tr doesn't allow you to read root files; here tr merely acts as cat.

From the other #430:

Would a PR to add this to 'ash' as read-file (UNIX shell), for example, work ?

Well, yes, but it has to involve shell builtins only, take a look at bash for example.

Does this make sense?