search

The-Z-Labs / linux-exploit-suggester

Linux privilege escalation auditing tool
GNU General Public License v3.0
5.56k stars 1.09k forks source link

cannot create temp file for here-document: No such file or directory #55

Closed noraj closed 4 years ago

noraj commented 5 years ago

When /tmp is not writable but /www/tmp is. I downloaded linux-exploit-suggester to /www/tmp and ran it:

bash-4.2$ bash les.sh
les.sh: line 81: cannot create temp file for here-document: No such file or directory
les.sh: line 92: cannot create temp file for here-document: No such file or directory
les.sh: line 101: cannot create temp file for here-document: No such file or directory
les.sh: line 110: cannot create temp file for here-document: No such file or directory
les.sh: line 119: cannot create temp file for here-document: No such file or directory
les.sh: line 128: cannot create temp file for here-document: No such file or directory
les.sh: line 137: cannot create temp file for here-document: No such file or directory
les.sh: line 146: cannot create temp file for here-document: No such file or directory
les.sh: line 155: cannot create temp file for here-document: No such file or directory
les.sh: line 165: cannot create temp file for here-document: No such file or directory
les.sh: line 174: cannot create temp file for here-document: No such file or directory
les.sh: line 183: cannot create temp file for here-document: No such file or directory
les.sh: line 193: cannot create temp file for here-document: No such file or directory
les.sh: line 202: cannot create temp file for here-document: No such file or directory
les.sh: line 212: cannot create temp file for here-document: No such file or directory
les.sh: line 224: cannot create temp file for here-document: No such file or directory
les.sh: line 235: cannot create temp file for here-document: No such file or directory
les.sh: line 246: cannot create temp file for here-document: No such file or directory
les.sh: line 256: cannot create temp file for here-document: No such file or directory
les.sh: line 266: cannot create temp file for here-document: No such file or directory
les.sh: line 275: cannot create temp file for here-document: No such file or directory
les.sh: line 284: cannot create temp file for here-document: No such file or directory
les.sh: line 293: cannot create temp file for here-document: No such file or directory
...
[CONTINUE]
...
Available information:

Kernel version: [REDACTED]
Architecture: x86_64
Distribution: RHEL
Distribution version: 
Additional checks (CONFIG_*, sysctl entries, custom Bash commands): performed
Package listing: from current OS

Searching among:

71 kernel space exploits
39 user space exploits

Possible Exploits:

les.sh: line 2224: cannot create temp file for here-document: No such file or directory
les.sh: line 2241: cannot create temp file for here-document: No such file or directory
les.sh: line 2224: cannot create temp file for here-document: No such file or directory
les.sh: line 2241: cannot create temp file for here-document: No such file or directory
les.sh: line 2224: cannot create temp file for here-document: No such file or directory
les.sh: line 2241: cannot create temp file for here-document: No such file or directory
les.sh: line 2224: cannot create temp file for here-document: No such file or directory
les.sh: line 2241: cannot create temp file for here-document: No such file or directory
les.sh: line 2224: cannot create temp file for here-document: No such file or directory
...
[CONTINUE]
...

However I ran https://github.com/jondonas/linux-exploit-suggester-2 and https://github.com/rebootuser/LinEnum without problem.

pyhoff commented 4 years ago

Script uses standard TMPDIR, it is not writable by account you are using. You need to find a writable path and change/create the TMPDIR environmental variable.

find a writable path: find . -writable

Change TMPDIR environmental variable to this path: export TMPDIR=/new/writbl/path

runscript

noraj commented 4 years ago

Don't you think it's more intuitive & natural to work in the current directory? Even if working in tmpdir is more "stealth" and has more chance to work.

mzet- commented 4 years ago

@noraj, LES is using heredocs all over the places. Herdocs in Bash (and most other shells) are implemented through creation of temporary files in /tmp. So if your /tmp is not writable then IMO there's no easy workaround for this.

noraj commented 4 years ago

So I should do TMPDIR=$(pwd) bash les.sh instead?

mzet- commented 4 years ago

Not sure if it works - try it. Also you can grab the output of uname -a command on your target and then run LES on your other machine: les.sh --uname <uname-string>. This is not ideal (as it does not conduct some additional checks) but it's better than nothing.

noraj commented 4 years ago

I don't have access to this machine anymore, let's close this.