getcap -r /2>/dev/null|grep python 显示:/usr/bin/python2.7 = cap_sys_ptrace+ep 2、准备提权脚本,该脚本如果执行成功,会在本地监听5600端口,也可以修改shellcode部分监听其他端口,脚本来自:https://gist.githubusercontent.com/wifisecguy/1d69839fe855c36a1dbecca66948ad56/raw/e919439010bbabed769d86303f...
当python具备cap_sys_ptrace+ep 能力时,可以用来进行提权。提权原理见:https://blog.pentesteracademy.com/privilege-escalation-by-abusing-sys-ptrace-linux-capability-f6e6ad2a59cc 1、查看python是否具备该能力 getcap -r /2>/dev/null|grep python 显示:/usr/bin/python2.7 = cap_sys_ptrace+ep 1. 2. ...
chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,cap_audit_read+ep...
_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_lease,cap_audit_write,cap_audit_control,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend-ep ...
当python具备cap_sys_ptrace+ep 能力时,可以用来进行提权。提权原理见:https://blog.pentesteracademy.com/privilege-escalation-by-abusing-sys-ptrace-linux-capability-f6e6ad2a59cc 1、查看python是否具备该能力 getcap -r /2>/dev/null|grep python