xocopy Logo

xocopy

0
Free
Visit Website

Sometimes when you're on a Unix system where you do not have admin privileges, you can come across programs with strange permissions such as the following: -rwx--x--x 1 root root 56152 Jul 1 12:37 runme. The permissions are set so that anyone can execute this program, but only the file owner can read the program. However, this is not true. If somebody can execute the program, they can copy it by reading it from memory once the program has been loaded. xocopy is a program that can copy executables with execute, but no read permission. It has been tested on FreeBSD and Linux kernels 2.[246].x. Limitations: Does not work with SUID or SGID executables on Linux 2.2.x. However, it works fine on 2.4.x and 2.6.x. Limited to ELF executables. Can only copy programs that have the ELF header and program header table inside a loadable segment. GCC does this by default. Download xocopy.c

FEATURES

ALTERNATIVES

A tool for deep analysis of malicious files using ClamAV and YARA rules, with features like scoring suspect files, building visual tree graphs, and extracting specific patterns.

A PE/COFF file viewer that displays header, section, directory, import table, export table, and resource information within various file types.

Python 3 tool for parsing Yara rules with ongoing development.

A yara module for searching strings inside zip files

OCyara performs OCR on image files and scans them for matches to Yara rules, supporting Debian-based Linux distros.

Compact C framework for analyzing suspected malware documents and detecting exploits and embedded executables.

Collects Yara rules from over 150 free resources, a free alternative to Valhalla.

RABCDAsm is a collection of utilities for ActionScript 3 assembly/disassembly and SWF file manipulation.

CyberSecTools logoCyberSecTools

Explore the largest curated directory of cybersecurity tools and resources to enhance your security practices. Find the right solution for your domain.

Copyright © 2024 - All rights reserved