"posh" typically refers to the "Policy-compliant Ordinary SHell," which is a restricted shell designed to provide a limited set of commands and features for users with restricted access. It is often used in environments where users require limited functionality and access to system resources.
PoC代码[已公开]
id: privesc-posh
info:
name: posh - Privilege Escalation
author: daffainfo
severity: high
description: |
"posh" typically refers to the "Policy-compliant Ordinary SHell," which is a restricted shell designed to provide a limited set of commands and features for users with restricted access. It is often used in environments where users require limited functionality and access to system resources.
reference:
- https://gtfobins.github.io/gtfobins/posh/
metadata:
verified: true
max-request: 3
tags: code,linux,posh,privesc,local
self-contained: true
code:
- engine:
- sh
- bash
source: |
whoami
- engine:
- sh
- bash
source: |
posh -c 'whoami'
- engine:
- sh
- bash
source: |
sudo posh -c 'whoami'
matchers-condition: and
matchers:
- type: word
part: code_1_response
words:
- "root"
negative: true
- type: dsl
dsl:
- 'contains(code_2_response, "root")'
- 'contains(code_3_response, "root")'
condition: or
# digest: 4a0a00473045022053dcbba4e8bc519b14494fa52bb34baa730307a45385ecee29a10a964332a8600221009fe4b7f7f371976cf914c7a294ec410e21a51d0191fd8ff5e225061020e8165a:922c64590222798bb761d5b6d8e72950