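# Local (self-contained) check: does socat give the current, non-root user a
# way to run commands as root on this host? Three shell steps are executed and
# their outputs compared:
#   1. whoami                        -> baseline identity of the scanning user
#   2. socat stdin exec:whoami       -> identity of a child spawned by socat
#   3. sudo socat stdin exec:whoami  -> same, but launched through sudo
# A finding is reported only when step 1 is NOT root and step 2 or 3 IS root.
#
# NOTE(review): step 2 returning root presumably means the socat binary itself
# runs with elevated privileges (e.g. a setuid bit); step 3 returning root
# presumably means the sudo policy lets this user run socat. Triage a finding
# by checking the binary's mode/owner and the sudoers entries, then remove the
# elevated bit or narrow the sudo rule.
id: privesc-socat

info:
  name: Socat - Privilege Escalation
  author: daffainfo
  severity: high
  description: |
    Socat is a command-line utility that establishes two bidirectional byte streams and transfers data between them. It can be used for a wide range of networking tasks, such as file transfer, port forwarding, and network testing. Socat is known for its versatility and is often used for creating complex network connections and proxies.
  reference:
    - https://gtfobins.github.io/gtfobins/socat/
  metadata:
    verified: true
    # One request per code step below.
    max-request: 3
  tags: code,linux,socat,privesc,local

# No target is needed: every step runs on the machine executing the template.
self-contained: true
code:
  # Step 1 (code_1_response): baseline. Used to skip hosts where the scan is
  # already running as root, which would make the later steps meaningless.
  - engine:
      - sh
      - bash
    source: |
      whoami

  # Step 2 (code_2_response): socat without sudo. The exec: address makes
  # socat spawn whoami, so the output is the identity socat's child runs as.
  - engine:
      - sh
      - bash
    source: |
      socat stdin exec:whoami

  # Step 3 (code_3_response): the same command through sudo.
  # NOTE(review): if sudo needs a password the step presumably yields no
  # "root" output, so only non-interactive sudo rules are detected - confirm.
  - engine:
      - sh
      - bash
    source: |
      sudo socat stdin exec:whoami

    # Both matchers must hold: baseline is not root AND an escalated step is.
    matchers-condition: and
    matchers:
      # Baseline must not contain "root".
      # NOTE(review): this is a substring test, so an account whose name
      # merely contains "root" (constructed example: "rootless") is treated
      # as root and suppresses the finding.
      - type: word
        part: code_1_response
        words:
          - "root"
        negative: true

      # Either socat step printing "root" counts as escalation. contains()
      # is also a substring test, so any step output that includes the text
      # "root" (not only the exact user name) satisfies it.
      - type: dsl
        dsl:
          - 'contains(code_2_response, "root")'
          - 'contains(code_3_response, "root")'
        condition: or
# NOTE(review): the digest below is the signature that shipped with this copy
# of the template. It presumably covers the template body, so any edit
# (added comments included) means the template has to be re-signed before it
# is treated as verified - confirm against your signing workflow.
# digest: 4b0a0048304602210099cc2474353834fa6a66ad77e870bc4f92f554d9f797223c6159ff031b3dfe1f022100c127110922ef2fac1198a268a26bc62c7407f4878efdb7a06614b6bd9eb72b9d:922c64590222798bb761d5b6d8e72950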