49 lines
1.3 KiB
YAML
49 lines
1.3 KiB
YAML
id: privesc-expect
|
|
|
|
info:
|
|
name: expect - Privilege Escalation
|
|
author: daffainfo
|
|
severity: high
|
|
description: |
|
|
expect is a Unix scripting and testing utility that automates interactive applications such as telnet, ftp, passwd, fsck, rlogin, tip, and more. It uses scripts to control interactive applications, making it useful for automating tasks that involve user input.
|
|
reference:
|
|
- https://gtfobins.github.io/gtfobins/expect/
|
|
metadata:
|
|
verified: true
|
|
max-request: 3
|
|
tags: code,linux,expect,privesc,local
|
|
|
|
self-contained: true
|
|
code:
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
whoami
|
|
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
expect -c 'spawn whoami;interact'
|
|
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
sudo expect -c 'spawn whoami;interact'
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: code_1_response
|
|
words:
|
|
- "root"
|
|
negative: true
|
|
|
|
- type: dsl
|
|
dsl:
|
|
- 'contains(code_2_response, "root")'
|
|
- 'contains(code_3_response, "root")'
|
|
condition: or
|
|
# digest: 4a0a00473045022100d8da30cc73592bff116cb40a378563224df22bb81cc0fcf7e24e5c6d514aea12022075603006d0e05c5c833dac0f718846bd475be23ccd5adeeb4eb0fe6a270fb89b:922c64590222798bb761d5b6d8e72950 |