xocopy Logo

xocopy

0
Free
Visit Website

Sometimes when you're on a Unix system where you do not have admin privileges, you can come across programs with strange permissions such as the following: -rwx--x--x 1 root root 56152 Jul 1 12:37 runme. The permissions are set so that anyone can execute this program, but only the file owner can read the program. However, this is not true. If somebody can execute the program, they can copy it by reading it from memory once the program has been loaded. xocopy is a program that can copy executables with execute, but no read permission. It has been tested on FreeBSD and Linux kernels 2.[246].x. Limitations: Does not work with SUID or SGID executables on Linux 2.2.x. However, it works fine on 2.4.x and 2.6.x. Limited to ELF executables. Can only copy programs that have the ELF header and program header table inside a loadable segment. GCC does this by default. Download xocopy.c

FEATURES

ALTERNATIVES

A Burp extension to check JWT tokens for potential weaknesses

Use FindYara, an IDA python plugin, to scan your binary with yara rules and quickly jump to matches.

An online hash checker utility that retrieves information from various online sources, including Virustotal, HybridAnalysis, and more.

A collaborative malware analysis framework with various features for automated analysis tasks.

Microservice for scanning files with Yara

Tool for fingerprinting malware HTTP requests.

A freeware suite of tools for PE editing and process viewing, including CFF Explorer and Resource Editor.

Detect capabilities in executable files and identify potential behaviors.