The run-parts command in Linux is used to run all the executable files in a directory. It is commonly used for running scripts or commands located in a specific directory, such as system maintenance scripts in /etc/cron.daily. The run-parts command provides a convenient way to execute multiple scripts or commands in a batch manner.
PoC代码[已公开]
id: privesc-run-parts
info:
name: run-parts - Privilege Escalation
author: daffainfo
severity: high
description: |
The run-parts command in Linux is used to run all the executable files in a directory. It is commonly used for running scripts or commands located in a specific directory, such as system maintenance scripts in /etc/cron.daily. The run-parts command provides a convenient way to execute multiple scripts or commands in a batch manner.
reference:
- https://gtfobins.github.io/gtfobins/run-parts/
metadata:
verified: true
max-request: 3
tags: code,linux,run-parts,privesc,local
self-contained: true
code:
- engine:
- sh
- bash
source: |
whoami
- engine:
- sh
- bash
source: |
run-parts --new-session --regex 'whoami' /bin
- engine:
- sh
- bash
source: |
sudo run-parts --new-session --regex 'whoami' /bin
matchers-condition: and
matchers:
- type: word
part: code_1_response
words:
- "root"
negative: true
- type: dsl
dsl:
- 'contains(code_2_response, "root")'
- 'contains(code_3_response, "root")'
condition: or
# digest: 4b0a00483046022100b45cb313219a24e71be199e7965444e8eae74df5d45845795d2ae512636cd45602210091d4f511f1df6a3c3aa0902004aa7a82bb389ac64628a877ac785feca59559e6:922c64590222798bb761d5b6d8e72950