mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-01-31 15:53:33 +08:00
49 lines
1.3 KiB
YAML
49 lines
1.3 KiB
YAML
id: privesc-sash
|
|
|
|
info:
|
|
name: sash - Privilege Escalation
|
|
author: daffainfo
|
|
severity: high
|
|
description: |
|
|
sash is a stand-alone shell that is commonly used for system recovery and maintenance. It provides a minimal set of commands and features, making it useful in situations where the regular shell environment may not be available or functional. sash is often used in emergency situations to troubleshoot and repair systems.
|
|
reference:
|
|
- https://gtfobins.github.io/gtfobins/sash/
|
|
metadata:
|
|
verified: true
|
|
max-request: 3
|
|
tags: code,linux,sash,privesc,local
|
|
|
|
self-contained: true
|
|
code:
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
whoami
|
|
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
sash -c 'whoami'
|
|
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
sudo sash -c 'whoami'
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: code_1_response
|
|
words:
|
|
- "root"
|
|
negative: true
|
|
|
|
- type: dsl
|
|
dsl:
|
|
- 'contains(code_2_response, "root")'
|
|
- 'contains(code_3_response, "root")'
|
|
condition: or
|
|
# digest: 4a0a0047304502202f8d07b33937f2a74819aa7b9fdb5e0e91989d7111c4f0aec13c26309ff3a5f20221008e5a2cf46d974a946025433efb5faedd6d0b5b557f207f342460ad09687cb59c:922c64590222798bb761d5b6d8e72950 |