漏洞描述
The unshare command is used to run a command in a new namespace, which can isolate various aspects of the system, such as the mount namespace, network namespace, user namespace, and more.
privesc-unshare: Unshare - Privilege Escalation
PoC代码[已公开]
id: privesc-unshare
info:
name: Unshare - Privilege Escalation
author: daffainfo
severity: high
description: |
The unshare command is used to run a command in a new namespace, which can isolate various aspects of the system, such as the mount namespace, network namespace, user namespace, and more.
reference:
- https://gtfobins.github.io/gtfobins/unshare/
metadata:
verified: true
max-request: 3
tags: code,linux,unshare,privesc,local
self-contained: true
code:
- engine:
- sh
- bash
source: |
whoami
- engine:
- sh
- bash
source: |
unshare whoami
- engine:
- sh
- bash
source: |
sudo unshare whoami
matchers-condition: and
matchers:
- type: word
part: code_1_response
words:
- "root"
negative: true
- type: dsl
dsl:
- 'contains(code_2_response, "root")'
- 'contains(code_3_response, "root")'
condition: or
# digest: 4a0a0047304502204c00cedda6e892a30844593aca5a22e84ae11b8d8383d06af014137ec8d68e4f022100d99adbe5ea3920d2725643d58675088fb1102e44bad61f185f4db4370645e9c5:922c64590222798bb761d5b6d8e72950