From 254db17d9c2cf4a76b8bca0998724897be6d03e7 Mon Sep 17 00:00:00 2001
From: Andrea Cardaci <cyrus.and@gmail.com>
Date: Mon, 3 May 2021 19:45:11 +0200
Subject: [PATCH] Simplify strace file-read

---
 _gtfobins/strace.md | 25 +++----------------------
 1 file changed, 3 insertions(+), 22 deletions(-)

diff --git a/_gtfobins/strace.md b/_gtfobins/strace.md
index 0cf116e..e82c7c0 100644
--- a/_gtfobins/strace.md
+++ b/_gtfobins/strace.md
@@ -1,29 +1,10 @@
 ---
 functions:
   file-write:
-    - description: write DATA to $WFILE
+    - description: The data to be written appears amid the syscall log, quoted and with special characters escaped in octal notation. The string representation will be truncated, pick a value big enough. More generally, any binary that executes whatever syscall passing arbitrary data can be used in place of `strace - DATA`.
       code: |
-        LFILE=$(mktemp --suffix=.s)
-        WFILE=file-to-write
-        elf=$(mktemp -u)
-        vi $LFILE
-        ;#####CODE START#####
-        .global _start
-        _start:
-        .intel_syntax noprefix
-        mov rax,2
-        lea rdi,[rip+DATA]
-        mov rsi, 0
-        syscall
-        mov rax,60
-        mov rdi,0
-        syscall
-        DATA:
-        .string "THIS IS THE DATA NEED TO BE WRITTEN USING STRACE"
-        ;#####CODE END#####
-        :wq
-        gcc -nostdlib --static $LFILE -o $elf
-        strace -o $WFILE $elf
+        LFILE=file_to_write
+        strace -s 999 -o $LFILE strace - DATA
   shell:
     - code: strace -o /dev/null /bin/sh
   suid: