sash is a stand-alone shell that is commonly used for system recovery and maintenance. It provides a minimal set of commands and features, making it useful in situations where the regular shell environment may not be available or functional. sash is often used in emergency situations to troubleshoot and repair systems.
PoC代码[已公开]
id: privesc-sash
info:
name: sash - Privilege Escalation
author: daffainfo
severity: high
description: |
sash is a stand-alone shell that is commonly used for system recovery and maintenance. It provides a minimal set of commands and features, making it useful in situations where the regular shell environment may not be available or functional. sash is often used in emergency situations to troubleshoot and repair systems.
reference:
- https://gtfobins.github.io/gtfobins/sash/
metadata:
verified: true
max-request: 3
tags: code,linux,sash,privesc,local
self-contained: true
code:
- engine:
- sh
- bash
source: |
whoami
- engine:
- sh
- bash
source: |
sash -c 'whoami'
- engine:
- sh
- bash
source: |
sudo sash -c 'whoami'
matchers-condition: and
matchers:
- type: word
part: code_1_response
words:
- "root"
negative: true
- type: dsl
dsl:
- 'contains(code_2_response, "root")'
- 'contains(code_3_response, "root")'
condition: or
# digest: 4a0a0047304502202f8d07b33937f2a74819aa7b9fdb5e0e91989d7111c4f0aec13c26309ff3a5f20221008e5a2cf46d974a946025433efb5faedd6d0b5b557f207f342460ad09687cb59c:922c64590222798bb761d5b6d8e72950