Uncommon setuid binaries
0xsan-z opened this issue
Hi diego,
There seems to be a problem in the "Uncommon setuid binaries" check if the uncommon suid binary name matches one of those in ${lse_common_setuid}
e.g.
┌──(kali㉿kali)-[/tmp]
└─$ cat test.sh
#!/bin/sh
setuidbin=sys
for cs in ping ping6;
do
setuidbin=`printf "$setuidbin\n" | grep -Ev "$cs"`;
done;
printf "$setuidbin\n"
┌──(kali㉿kali)-[/tmp]
└─$ ./test.sh
sys <=========================== OK
= = = =
┌──(kali㉿kali)-[/tmp]
└─$ cat test.sh
#!/bin/sh
setuidbin=pingsys
for cs in ping ping6;
do
setuidbin=`printf "$setuidbin\n" | grep -Ev "$cs"`;
done;
printf "$setuidbin\n"
┌──(kali㉿kali)-[/tmp]
└─$ ./test.sh
<=========================== NOT OK, was expecting pingsys
Was doing a room on THM where we have to do privesc using an uncommon suid binary named "pingsys" and to my surprise it was not picked up by lse in Uncommon setuid binaries.
Please have a look.
Thanks a lot for reporting this, @0xsan-z. Indeed, that is a poor check. It should be fixed in version 2.8, which I've just released.
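The substring match shown in the report, next to a filter that compares the file name exactly, as an added example (not lse's code, and not necessarily how version 2.8 fixed the check). It extends the report's bare names to full paths; the sample paths, the COMMON list and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: setuid paths as a find-style listing might return them.
SAMPLE='/usr/bin/ping
/usr/bin/ping6
/usr/bin/pingsys
/opt/tools/sys'

# Hypothetical stand-in for an allowlist of common setuid binaries.
COMMON='ping ping6'

# Behaviour from the report: each allowlist entry is an unanchored regex,
# so every line that merely contains "ping" is dropped, pingsys included.
filter_substring() {
  list=$1
  for cs in $COMMON; do
    # "|| true" keeps the loop alive when grep selects nothing (exit 1).
    list=$(printf '%s\n' "$list" | grep -Ev "$cs" || true)
  done
  printf '%s\n' "$list"
}

# Exact comparison: drop a path only when its basename equals an entry.
filter_exact() {
  printf '%s\n' "$1" | while IFS= read -r path; do
    [ -n "$path" ] || continue
    name=${path##*/}          # strip the directory part
    keep=1
    for cs in $COMMON; do
      if [ "$name" = "$cs" ]; then keep=0; fi
    done
    if [ "$keep" -eq 1 ]; then printf '%s\n' "$path"; fi
  done
}

echo "substring filter reports as uncommon:"
filter_substring "$SAMPLE"
echo "exact-name filter reports as uncommon:"
filter_exact "$SAMPLE"
```

With the exact-name filter, `/usr/bin/pingsys` stays in the uncommon list while `ping` and `ping6` are still suppressed.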