Path to OSCP - Part 2
February 17, 2016
Here's the second episode on my path to becoming OSCP certified.
- Tr0ll VM which I rooted
- Tr0ll2 VM which I failed because I didn't think to try shellshock
- Great walkthrough from which I learned the nifty trick of bash function name masking a binary (Snippet 1)
Related: Why do you need tty for sudo
Redirect bash to tcp socket
Find SUID/SGUID files for privilege escalation
Of course if you can somehow exploit these results, you might get root
Hijack a binary's full path in bash to exec your own code
Of course you might want this if a SUID bit programing is calling some binary by full path and you cannot alter that binary but want to hijack the execution.