elvish is a Unix shell that emphasizes expressiveness and extensibility. It aims to provide a more user-friendly and programmable shell experience, with features such as a powerful scripting language, a rich set of data types, and a clean and consistent syntax.
PoC代码[已公开]
id: privesc-elvish
info:
name: elvish - Privilege Escalation
author: daffainfo
severity: high
description: |
elvish is a Unix shell that emphasizes expressiveness and extensibility. It aims to provide a more user-friendly and programmable shell experience, with features such as a powerful scripting language, a rich set of data types, and a clean and consistent syntax.
reference:
- https://gtfobins.github.io/gtfobins/elvish/
metadata:
verified: true
max-request: 3
tags: code,linux,elvish,privesc,local
self-contained: true
code:
- engine:
- sh
- bash
source: |
whoami
- engine:
- sh
- bash
source: |
elvish -c 'whoami'
- engine:
- sh
- bash
source: |
sudo elvish -c 'whoami'
matchers-condition: and
matchers:
- type: word
part: code_1_response
words:
- "root"
negative: true
- type: dsl
dsl:
- 'contains(code_2_response, "root")'
- 'contains(code_3_response, "root")'
condition: or
# digest: 4a0a00473045022100b374ffd7c54c04c79d5c42eecd868d80ebb12eaf94a843f8aabf569ee1b9d10902207a107d6775214547fc236e7e0f5cd3a62c9bc5db0e4dd6611333512d3f9f7271:922c64590222798bb761d5b6d8e72950