nuclei-templates/code/privilege-escalation/linux/binary/privesc-socat.yaml

48 lines
1.3 KiB
YAML
Raw Normal View History

2024-01-22 13:29:57 +00:00
id: privesc-socat
info:
name: Socat - Privilege Escalation
author: daffainfo
severity: high
description: |
Socat is a command-line utility that establishes two bidirectional byte streams and transfers data between them. It can be used for a wide range of networking tasks, such as file transfer, port forwarding, and network testing. Socat is known for its versatility and is often used for creating complex network connections and proxies.
reference:
- https://gtfobins.github.io/gtfobins/socat/
metadata:
verified: true
tags: code,linux,socat,privesc
self-contained: true
code:
- engine:
- sh
- bash
source: |
whoami
- engine:
- sh
- bash
source: |
socat stdin exec:whoami
- engine:
- sh
- bash
source: |
sudo socat stdin exec:whoami
matchers-condition: and
matchers:
- type: word
part: code_1_response
words:
- "root"
negative: true
- type: dsl
dsl:
- 'contains(code_2_response, "root")'
- 'contains(code_3_response, "root")'
condition: or
# digest: 4a0a004730450220755e5136cf6b0ec3b416358ecc2a90892c26dab2f7a3fbb6ef098cdfe1ac68d8022100f798e038d59ab5edcbefa1ed088bd0d541ef503ae79805012bebf24995cac979:922c64590222798bb761d5b6d8e72950