49 lines
1.3 KiB
YAML
49 lines
1.3 KiB
YAML
id: privesc-slsh
|
|
|
|
info:
|
|
name: slsh - Privilege Escalation
|
|
author: daffainfo
|
|
severity: high
|
|
description: |
|
|
slsh is a command-line shell that is designed to provide a secure environment for executing shell commands. It is often used in scenarios where security and privilege separation are important, such as in web hosting environments or when running untrusted code. slsh aims to provide a secure and restricted shell environment for executing commands.
|
|
reference:
|
|
- https://gtfobins.github.io/gtfobins/slsh/
|
|
metadata:
|
|
verified: true
|
|
max-request: 3
|
|
tags: code,linux,slsh,privesc,local
|
|
|
|
self-contained: true
|
|
code:
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
whoami
|
|
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
slsh -e 'system("whoami")'
|
|
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
sudo slsh -e 'system("whoami")'
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: code_1_response
|
|
words:
|
|
- "root"
|
|
negative: true
|
|
|
|
- type: dsl
|
|
dsl:
|
|
- 'contains(code_2_response, "root")'
|
|
- 'contains(code_3_response, "root")'
|
|
condition: or
|
|
# digest: 490a00463044022054dcff275e626011ad92fcd8316cdd208fe284c043a239db0ffda2204d9fb1fa02202ac46ad85fa7cc9cabac22423ed101b80e6b0ce83b18ccb1c750aae936085e25:922c64590222798bb761d5b6d8e72950 |