GTFOBins.github.io

Create shutdown.md

Open Guardian-JTZ opened this issue 1 year ago • 2 comments

ref : https://exploit-notes.hdks.org/exploit/linux/privilege-escalation/sudo/sudo-shutdown-poweroff-privilege-escalation/

If a user has sudo shutdown privilege, we can use this command to get a root shell.

Guardian-JTZ avatar Oct 28 '23 04:10 Guardian-JTZ

nice

epinna avatar Oct 28 '23 22:10 epinna

This makes no sense: PATH does not propagate through sudo.

sudo specifically has the directive secure_path which sets the PATH variable when you use sudo. On Ubuntu 2204, it's set by default to: Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

An administrator would have to specifically set secure_path to include /tmp, which there would never be a reason to do.

Looking at the other notes from this website like https://exploit-notes.hdks.org/exploit/linux/privilege-escalation/sudo/sudo-reboot-privilege-escalation/, the situations here are completely unbelievable.

MegaManSec avatar Nov 24 '23 12:11 MegaManSec
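
The secure_path condition discussed in the comment above can be checked on a host with a short audit. This is an added example, not part of the original thread or of GTFOBins; the function names `audit_secure_path` and `demo` and the sample sudoers lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the secure_path directive in sudoers text read on stdin.
# Prints one finding per directory: OK, WRITABLE, RELATIVE or MISSING,
# or UNSET when no secure_path directive is present.

audit_secure_path() (
    # Pull the value out of: Defaults [...] secure_path = "dir1:dir2" (quotes optional).
    # Commented-out lines do not match because the line must start with Defaults.
    value=$(sed -n 's/^[[:space:]]*Defaults[^#]*secure_path[[:space:]]*=[[:space:]]*"\{0,1\}\([^"]*\).*/\1/p')
    if [ -z "$value" ]; then
        echo "UNSET"
    else
        printf '%s\n' "$value" | tr ':' '\n' | while IFS= read -r dir; do
            case $dir in
                /*) ;;
                *)  echo "RELATIVE $dir"; continue ;;   # empty or relative entry
            esac
            if [ ! -d "$dir" ]; then
                echo "MISSING $dir"
                continue
            fi
            # Characters 6 and 9 of the mode string are group-write and other-write.
            case $(ls -ld -- "$dir" | cut -c1-10) in
                ?????w????|????????w?) echo "WRITABLE $dir" ;;
                *)                     echo "OK $dir" ;;
            esac
        done
    fi
)

# Constructed sample: a scratch tree standing in for real system directories.
demo() (
    root=$(mktemp -d)
    mkdir "$root/sbin" "$root/scratch"
    chmod 755 "$root/sbin"
    chmod 1777 "$root/scratch"          # same mode as /tmp
    printf '%s\n' \
        '#Defaults secure_path="/ignored"' \
        'Defaults env_reset' \
        "Defaults secure_path=\"$root/sbin:$root/scratch:bin:$root/nope\"" |
        audit_secure_path | sed "s|$root|<tmp>|"
    rm -rf "$root"
)

demo
```

On a real host, feed it the effective configuration, for example the contents of /etc/sudoers and the files under /etc/sudoers.d, and treat any WRITABLE or RELATIVE finding as a misconfiguration to fix.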