id: privesc-dc

info:
  name: dc - Privilege Escalation
  author: daffainfo
  severity: high
  description: |
    dc is a command-line calculator in Unix and Unix-like operating systems. It uses reverse Polish notation (RPN) and provides a simple and efficient way to perform arithmetic operations from the command line. It can be used for basic and advanced mathematical calculations, making it a handy tool for scripting and quick calculations in the terminal.
  reference:
    - https://gtfobins.github.io/gtfobins/dc/
  metadata:
    verified: true
  tags: code,linux,dc,privesc

self-contained: true
code:
  - engine:
      - sh
      - bash
    source: |
      whoami

  - engine:
      - sh
      - bash
    source: |
      dc -e '!whoami'

  - engine:
      - sh
      - bash
    source: |
      sudo dc -e '!whoami'

    matchers-condition: and
    matchers:
      - type: word
        part: code_1_response
        words:
          - "root"
        negative: true

      - type: dsl
        dsl:
          - 'contains(code_2_response, "root")'
          - 'contains(code_3_response, "root")'
        condition: or