Python based applications escalation

If they run as root and we can write them replace them with a python reverse shell.

Module Hijacking

This happens when the module that a script wants to use isnt imported, we can replace it with our own version.

wifi_reset.py was importing a module wificontroller and executing some commands but this wifcontroller module was absent.

So ,we created our malicious wificontroller.py module inside the same folder i.e. /home/walter which had the malicious Privilege Escalation code. And executed it.

import os
 
def stop(text,value):
        os.system("chmod 777 /etc/passwd");
 
def reset(text,value):
        os.system("chmod +s /bin/bash");
 
def start(text,value):
        os.system("chmod 777 /etc/shadow");

As a result of executing it, we got following results.

BASH is having SUID bit. So, we became root with following command and read the root flag.

See? All it does it spawn a bash shell. Now lets run our sudo command “sudo /usr/bin/python /home/walter/wifi_reset.py”.

We get root, proof.txt and this box is done.

PreviousTips to become root NextInternal Services

Last updated 1 year ago