xocopy Logo

xocopy

0
Free
Visit Website

Sometimes when you're on a Unix system where you do not have admin privileges, you can come across programs with strange permissions such as the following: -rwx--x--x 1 root root 56152 Jul 1 12:37 runme. The permissions are set so that anyone can execute this program, but only the file owner can read the program. However, this is not true. If somebody can execute the program, they can copy it by reading it from memory once the program has been loaded. xocopy is a program that can copy executables with execute, but no read permission. It has been tested on FreeBSD and Linux kernels 2.[246].x. Limitations: Does not work with SUID or SGID executables on Linux 2.2.x. However, it works fine on 2.4.x and 2.6.x. Limited to ELF executables. Can only copy programs that have the ELF header and program header table inside a loadable segment. GCC does this by default. Download xocopy.c

FEATURES

ALTERNATIVES

Collects Yara rules from over 150 free resources, a free alternative to Valhalla.

Generates a YARA rule to match basic blocks of the current function in IDA Pro

Python 3 tool for parsing Yara rules with ongoing development.

Python wrapper for the Libemu library for analyzing shellcode.

Java decompiler for modern Java features up to Java 14.

Management portal for LoKi scanner with centralized database for scanning activities.

A portable version of XSSHunter.com for finding and exploiting Cross-Site Scripting (XSS) vulnerabilities.

Parse YARA rules into a dictionary representation.

PINNED