// notes/ PrivEsc — Linux
🐧
Misc Abusing Scripts
<figure<img src="/files/MlFOPBHjqnIYrLVDnkNf" alt=""<figcaption</figcaption</figure
#linux privilege escalation#adot8
source · oscp.adot8.com · linux-privilege-escalation/misc_abusing-scripts ↗Abusing scripts
Command Injection w/ Scripts
<figure><img src="/files/MlFOPBHjqnIYrLVDnkNf" alt=""><figcaption></figcaption></figure>This bit of code on in a script (being ran as root) isn't using the full path of another script when calling upon it. We can simply place a script in the pwd to run instead of it
{% hint style="info" %} If source code is being handed to you, READ IT {% endhint %}
<figure><img src="/files/t02jqyBKoOp6RlRPf5a0" alt=""><figcaption></figcaption></figure>This is python2 because there are no () on the print. Code execution is possible with the input function in python2
code
01__import__('os').system('/bin/bash')