Giter Club home page Giter Club logo

wget-root's Introduction

Wget-Root

⚠️ Warning: This script is completly for white hat activities. I do not claim any responsibility for the damage it may cause if used for offensive purposes.

If the wget binary has the SUID bit set, It does not drop the elevated privileges and may be abused to access the file system. It may be used to do privileged writes or write files outside a restricted file system. This script automates the rewriting of the passwd file of the victims machine

Usage

Firstly copy the /etc/passwd file of the victim to your host machine, using the following command: scp user@host /etc/passwd .
( ⚠️ Be carefull when typing the files destination and don't overwrite your own /etc/passwd file)
After copying the /etc/passwd file of the victim, it is time to run the exploit.
( ⚠️ You will need to run the exploit with sudo since root privileges are needed to modify the /etc/passwd file of the victim because of permission reasons)

usage: sudo wget_exploit.py [-h] [--file FILE] [--interface INTERFACE] [--port PORT] [--password PASSWORD]

Poison the victims /etc/passwd file and host it over HTTP. Overwrite the /etc/passwd file of the victim by abusing the SUID bit of the wget binary.

options:
  -h, --help            show this help message and exit
  --file FILE, -f FILE  passwd file to poison
  --interface INTERFACE, -i INTERFACE
                        network interface or IP address to host the HTTP server (default: eth0)
  --port PORT, -p PORT  port to serve the HTTP server (default: 8000)
  --password PASSWORD, -P PASSWORD
                        password to set for the root user (default: root)

The script will poison the <passwd copy> file, by adding the new root password. Then it will host the <passwd copy> file to the web using a custom reuseable python HTTP server.
Dynamic instructions will also be printed at the command line during the exploit execution as shown in the picture below. The password for the root user, is simply root.

Proof Of Concept Video
Screenshot 2022-08-01 11:01:30

TryHackMe has an awesome machine that lets you play with this exploit.
⚠️ Solving CTF's with others exploit just kills the fun. Using this exploit to solve the ctf above is not recommended for begginers in the world of IT. More advanced users are welcome to use this exploit to automatically solve the CTF listed above for fun or for testing purposes.

wget-root's People

Contributors

lil-skelly avatar stuub avatar

Stargazers

avatar S9A avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.