// notes/ PrivEsc — Linux
🐧

Misc Library Hijacking

This script is only readable by everyone. Its not running in cron that we can see but we can use pspy to see if it really is.

#linux privilege escalation#adot8
source · oscp.adot8.com · linux-privilege-escalation/misc_library-hijacking

Library Hijacking

This script is only readable by everyone. Its not running in cron that we can see but we can use pspy to see if it really is.

{% hint style="info" %} Understand the script format and what it's doing {% endhint %}

<figure><img src="/files/eONROKgYBlTksGUlI4sr" alt=""><figcaption></figcaption></figure>

We can see that it's running as a cronjob and calling the call.py and urllib.py libraries but them deleting them

<figure><img src="/files/gMmabQbSxZqXWn6q7vwq" alt=""><figcaption></figcaption></figure> <figure><img src="/files/cOf2HNlkx2cfyVykrEYb" alt=""><figcaption></figcaption></figure>

We can create a python reverse shell and make it call that as well and call it urllib.py