Proof of concept userspace filesystem that executes filenames as shell commands and makes the result accessible though reading the file.

Related tags

Miscellaneous execfs
Overview

ExecFS

Proof of concept userspace filesystem that executes filenames as shell commands and makes the result accessible though reading the file.

$ ./execfs mnt # or make mount
$ cat 'mnt/(uname)'
Linux
$ cat "mnt/unique text(seq 10 | awk '{c+=\$1}END{print(c)}')unique text"
55
$ fusermount -u mnt # or make umount

This can be exploited for all kinds of shenanigans in combination with the c preprocessor, because it allows for arbitrary code execution at compile time. (Please don't use this in production)

$ cat examples.h
char seed[8] = {
#include "mnt/(head -c 8 /dev/urandom | xxd -i)"
};

double pi_squared =
#include "mnt/(python -c @;import math;print(math.pi * math.pi);@;)"
;

char *kernel =
#include "mnt/(uname -sr | sed @,s/^/@;/;s/$/@;/@,)"
;
$ cpp -w -P examples.h
char seed[8] = {
  0xf9, 0x17, 0x93, 0x83, 0xf6, 0x90, 0xca, 0xa7
};
double pi_squared =
9.86960440109
;
char *kernel =
"Linux 5.16.0-1-amd64"
;

The command must be wrapped in parentheses, possibly preceded and succeeded by a unique string that doesn't occur inside the command. This is needed to distinguish between actual commands that should be executed, and other OS related filesystem quarries.

Since include directives don't allow for the inclusion of ', \, ", //, and /* characters, the following escape sequences are supported:

sequence replacement
@, '
@; "
@/ \\
@ nothing
@@ @

Licensing

This project is licensed under LICENSE.

Owner
Camel Coder
Camel Coder
A C program to strip comments from a c file and output the result to a new file.

Strip C-like Comments A C program to strip comments from a c file and output the result to a new file. Features Fast and Without any third-party libra

Max Base 4 Feb 22, 2022
anthemtotheego 330 Jul 1, 2022
CredBandit - Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel

CredBandit CredBandit is a proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process a

anthemtotheego 160 Jun 17, 2022
Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR

Detect-Hooks Detect-Hooks is a proof of concept Beacon Object File (BOF) that attempts to detect userland API hooks in place by AV/EDR. The BOF will r

anthemtotheego 110 Jun 27, 2022
Epitech Corewar - Réalisation d'un compilateur de RedCode (Assembleur) et d'une Virtual Machine qui interprète les fichiers '".cor" et les exécutes.

Corewar Réalisation d'un compilateur de RedCode (Assembleur) et d'une Virtual Machine qui interprète les fichiers '".cor" et les exécutes. Description

Mikael VALLENET 9 May 12, 2022
A refactored Proof-of-concept originally developed in 2017 to print all function calls with their arguments data types and values using Ptrace during program execution.

print-function-args-debugger A refactored Proof-of-concept originally developed in 2017 to print all function calls with their arguments data types an

*finixbit 15 Jun 17, 2022
An implementation and proof-of-concept of Process Forking.

ForkPlayground A library to implement the Process Forking attack described in this blog post. ForkLib - C++ library that implements the Process Forkin

Bill Demirkapi 147 Jun 16, 2022
Proof-of-concept implementation for the paper "Osiris: Automated Discovery of Microarchitectural Side Channels" (USENIX Security'21)

Osiris This repository contains the implementation of the Osiris framework discussed in the research paper "Osiris: Automated Discovery of Microarchit

CISPA 35 Jun 16, 2022
A small proof-of-concept for using disk devices for DMA on Windows.

ddma A small proof-of-concept for using disk devices for DMA on Windows. Why Some native hypervisors (i.e. Hyper-V) allow the guest unvirtualized devi

null 42 Jun 7, 2022
A proof-of-concept port of uxn to the STM32duino environment

ArdUxno-demo A quick-and-dirty proof-of-concept port of Devine Lu Linvega's amazing Uxn virtual stack machine to an STM32 microcontroller. uxn.c and u

Cass Smith 12 Feb 9, 2022
The Machinery IDL - Proof of Concept

The Machinery IDL - Proof of Concept This is a proof of concept for an Interface Description Language isomorphic with C for describing C11 ABI compati

null 5 Nov 14, 2021
CVE-2021-4034: Local Privilege Escalation in polkit's pkexec proof of concept

CVE-2021-4034 Proof of Concept Qualys researches found a pretty cool local privilege escalation vulnerability in Polkit's pkexec: writeup, tweet. This

Marco Bonelli 20 Jun 22, 2022
Proof of Concept (PoC) CVE-2021-4034

PwnKit-Exploit CVE-2021-4034 @c0br40x help to make this section in README!! Proof of Concept [email protected]:~/PwnKit-Exploit$ make cc -Wall exploit.

Luis Javier 48 Jun 27, 2022
Proof of Concept for CVE-2021-1585: Cisco ASA Device Manager RCE

staystaystay staystaystay is a proof of concept exploit for CVE-2021-1585, a man in the middle or evil endpoint RCE issue affecting Cisco ASA Device M

Jake Baines 8 Jun 23, 2022
Proof of Concept 'GeoPackage' to Arrow Converter

gpkg The goal of gpkg is to provide a proof-of-concept reader for SQLite queries into Arrow C Data interface structures. Installation You can install

Dewey Dunnington 8 May 20, 2022
Shell program written in C to implement various system calls, with support of executing commands, output redirection and signals.

Use ./shell command to start the shell. $<space>path/executable to run the executable(please specify the path without beginning it with "/"). Eg. type

Ayuj Panchal 1 Nov 15, 2021
a unix inspired, non posix compliant micro kernel (more of a monolithic kernel for now though) that i am working on in my spare time

toy-kernel a unix inspired, non posix compliant micro kernel (more of a monolithic kernel for now though) that i am working on in my spare time prereq

czapek 13 Jun 14, 2022
My_Shell is a user-defined interactive shell written in C that works similar to the original shell in linux

MY_SHELL Overview My_Shell is a user-defined interactive shell written in C that works similar to the original shell and it can execeute many of the l

Greeshma 1 Nov 22, 2021