49 lines
1.3 KiB
YAML
49 lines
1.3 KiB
YAML
id: privesc-sash
|
|
|
|
info:
|
|
name: sash - Privilege Escalation
|
|
author: daffainfo
|
|
severity: high
|
|
description: |
|
|
sash is a stand-alone shell that is commonly used for system recovery and maintenance. It provides a minimal set of commands and features, making it useful in situations where the regular shell environment may not be available or functional. sash is often used in emergency situations to troubleshoot and repair systems.
|
|
reference:
|
|
- https://gtfobins.github.io/gtfobins/sash/
|
|
metadata:
|
|
verified: true
|
|
max-request: 3
|
|
tags: code,linux,sash,privesc,local
|
|
|
|
self-contained: true
|
|
code:
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
whoami
|
|
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
sash -c 'whoami'
|
|
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
sudo sash -c 'whoami'
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: code_1_response
|
|
words:
|
|
- "root"
|
|
negative: true
|
|
|
|
- type: dsl
|
|
dsl:
|
|
- 'contains(code_2_response, "root")'
|
|
- 'contains(code_3_response, "root")'
|
|
condition: or
|
|
# digest: 4a0a00473045022100ce3e0790fc0f2df9c854c0ebbea87101366fb71cb94b201e9cfe514944fd99a9022049f61f1295c5c558f823dce1676595bbc76b6231d4e119c8ac27fd97f13885f3:922c64590222798bb761d5b6d8e72950 |