Reproduce on Kali First set suid permissions for the required vim.basic file chmod u+s /usr/bin/vim.basic First adduser test1 a normal permission user Now is a suitable environment for privilege escalation You can find files with suid permissions by using the following command
The files that can be used to escalate privileges are
The idea of using vim to elevate privileges is to modify the etc/passwd file and add a user with root privileges for yourself The user format of the passwd file is: username:password:uid:gid:comment:home directory:user's shell Here you can see the format of the root user root:x:0:0:root:/root:/bin/bash (The password part is x because the real password is stored in the /etc/shadow file) Generate a password: use openssl passwd -1 –salt asd 123 (here is -1 (number 1) not L) Write it directly in the passwd file. toor:$1$asd$sTMDZlRI6L.jJEw2I.3x8.:0:0:root:/toor:/bin/bash You can modify it with vim /etc/passwd, but when saving, E212 will appear, and it cannot be saved, prompting us that we do not have permission to modify this At this time, you should use the vim.basic file found earlier to run it. This program has suid permissions. Definitely editable vim.basic /etc/passwd Use this to open, then modify the file and save it successfully You can see that it has been added, switch to su toor, password 123, and then check the permissions with id root permissions chmod u+s /usr/bin/vim.basic The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM. You may also be interested in:
|
<<: An article to help you thoroughly understand position calculation in js
>>: Detailed explanation of MySQL combined index method
Mysql join query 1. Basic concepts Connect each r...
Table of contents 1. Download WeChat developer to...
Docker Overview Docker is an open source software...
Analyze four common methods and principles: float...
Table of contents What is multi-environment confi...
When you send a network request, the following sa...
question: My blog encoding is utf-8. Sometimes whe...
Now let's summarize several situations of con...
1. Concept They are all attributes of Element, in...
I'll record the problems I encountered during...
This article shares the specific code for JavaScr...
I have seen some dynamic routing settings on the ...
Table of contents Preface 1. Environment Configur...
Last year, due to project needs, I wrote a crawle...
Give time time and let the past go. In the previo...