There seems to be a problem in the "Uncommon setuid binaries" check if the uncommon suid binary's name matches one of those in ${lse_common_setuid}
e.g.
┌──(kali㉿kali)-[/tmp]
└─$ cat test.sh
#!/bin/sh
setuidbin=sys
for cs in ping ping6;
do
  # drop every line that contains $cs anywhere in it
  setuidbin=`printf "$setuidbin\n" | grep -Ev "$cs"`;
done;
printf "$setuidbin\n"
┌──(kali㉿kali)-[/tmp]
└─$ ./test.sh
sys <=========================== OK
= = = =
┌──(kali㉿kali)-[/tmp]
└─$ cat test.sh
#!/bin/sh
setuidbin=pingsys
for cs in ping ping6;
do
  # "pingsys" contains "ping", so this filter removes it as well
  setuidbin=`printf "$setuidbin\n" | grep -Ev "$cs"`;
done;
printf "$setuidbin\n"
┌──(kali㉿kali)-[/tmp]
└─$ ./test.sh
<=========================== NOT OK, was expecting pingsys
Was doing a room on THM where we have to do privesc using an uncommon suid binary named "pingsys" and to my surprise it was not picked up by lse in Uncommon setuid binaries.
Hi diego,
Please have a look.
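The filtering behaviour described in this report, as an added example that is not part of the original issue and not lse's own code: the loop's `grep -Ev "$cs"` drops every line containing a common name anywhere, while comparing the whole file name keeps `pingsys`. The sample paths, the `common` list (standing in for `${lse_common_setuid}`) and the function names `filter_substring` and `filter_basename` are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample: paths as a setuid scan might list them (not real output).
found='/usr/bin/ping
/usr/bin/ping6
/usr/bin/pingsys
/usr/local/bin/sys'

# Hypothetical stand-in for ${lse_common_setuid}.
common='ping ping6'

# Filter as in the report: a line is dropped when it contains a common
# name anywhere, so /usr/bin/pingsys disappears together with ping.
filter_substring() {
  list=$1
  for cs in $common; do
    # "|| true": grep exits 1 when nothing is left, which is not an error here
    list=$(printf '%s\n' "$list" | grep -Ev "$cs" || true)
  done
  printf '%s\n' "$list"
}

# One possible correction: drop a path only when its final component
# is exactly equal to a common name.
filter_basename() {
  printf '%s\n' "$1" | while IFS= read -r path; do
    if [ -z "$path" ]; then continue; fi
    keep=1
    for cs in $common; do
      if [ "${path##*/}" = "$cs" ]; then keep=0; fi
    done
    if [ "$keep" -eq 1 ]; then printf '%s\n' "$path"; fi
  done
}

echo "substring filter reports as uncommon:"
filter_substring "$found"
echo "exact-name filter reports as uncommon:"
filter_basename "$found"
```

With the substring filter only `/usr/local/bin/sys` is reported; with the exact-name filter `/usr/bin/pingsys` is reported as well.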