From 710986d94fe403a65f5aa7d4273740bca7138c6f Mon Sep 17 00:00:00 2001
From: "Mr. Robot"
Date: Tue, 11 May 2021 10:15:53 +0200
Subject: [PATCH] add file read and write to ltrace
---
 data/ltrace.json | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/data/ltrace.json b/data/ltrace.json
index e91bcad..5125a92 100644
--- a/data/ltrace.json
+++ b/data/ltrace.json
@@ -1,5 +1,17 @@
 {
 "functions": {
+ "file-read": [
+ {
+ "description": "The file is parsed as a configuration file and its content is shown as error messages, thus this is not suitable to exfiltrate binary files.",
+ "code": "ltrace -F [file] /dev/null\n"
+ }
+ ],
+ "file-write": [
+ {
+ "description": "The data to be written appears amid the library function call log, quoted and with special characters escaped in octal notation. The string representation will be truncated, pick a value big enough. More generally, any binary that executes whatever library function call passing arbitrary data can be used in place of 'ltrace -F [data]'.",
+ "code": "ltrace -s 999 -o [file] ltrace -F [data]\n"
+ }
+ ],
 "shell": [
 {
 "code": "ltrace -b -L /bin/sh"
@@ -11,4 +23,4 @@
 }
 ]
 }
-}
\ No newline at end of file
+}
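Review bot: The two added `code` strings in the first hunk end in `\n`, while the existing `shell` entry's `"code": "ltrace -b -L /bin/sh"` has no trailing newline, so the file now carries two conventions for the same field. Anything that renders or compares these values verbatim will treat them differently, so I would drop the escape and write `"code": "ltrace -F [file] /dev/null"` and `"code": "ltrace -s 999 -o [file] ltrace -F [data]"`, unless the `shell` entries are the ones meant to change. The `file-write` description says the string "will be truncated, pick a value big enough" without naming the option it refers to; tying it to the command, e.g. `The string representation is truncated at the length given to -s.`, would make the entry readable on its own. The `shell` array continues outside the hunk, so the convention used by its remaining entries is not visible here.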