id: privesc-agetty

info:
  name: agetty - Privilege Escalation
  author: bobakabill
  severity: high
  description: |
    The agetty command in Linux is used to invoke the /bin/login command for a given user. If the SUID bit is set, it can be used to gain a high-privilege s>
  reference:
    - https://gtfobins.github.io/gtfobins/agetty/
  metadata:
    verified: true
    max-request: 2
  tags: code,linux,find,privesc,local

self-contained: true
code:
  - engine:
      - sh
      - bash
    source: |
     find /bin /sbin /usr/bin /usr/sbin /usr/local/sbin -type f -name agetty 2>/dev/null -perm /4000
     find /bin /sbin /usr/bin /usr/sbin /usr/local/sbin -type f -name agetty 2>/dev/null -perm /6000

    matchers:
      - type: word
        words:
          - "agetty"
# digest: 4b0a00483046022100996929fcb6fe3e9d31e7a3166a54a1f08b2c301c1297b1be8b64c03439e0163e022100db37a14dc4a3b8d526219634231a408a6692216f32d2b4a2eba5a4a6f416de52:922c64590222798bb761d5b6d8e72950