hacktricks/linux-unix/privilege-escalation/exploiting-yum.md

{% hint style="success" %}
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Support HackTricks</summary>

* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}
{% endhint %}
{% endhint %}
{% endhint %}
{% endhint %}
{% endhint %}
{% endhint %}
{% endhint %}
{% endhint %}
{% endhint %}
{% endhint %}
{% endhint %}
{% endhint %}
{% endhint %}
{% endhint %}

Mifano zaidi kuhusu yum inaweza kupatikana kwenye [gtfobins](https://gtfobins.github.io/gtfobins/yum/).

# Kutekeleza amri zisizo na mipaka kupitia RPM Packages
## Kuangalia Mazingira
Ili kutumia njia hii, mtumiaji lazima aweze kutekeleza amri za yum kama mtumiaji mwenye mamlaka ya juu, yaani, root.

### Mfano unaofanya kazi wa njia hii
Mfano unaofanya kazi wa exploit hii unaweza kupatikana katika chumba cha [daily bugle](https://tryhackme.com/room/dailybugle) kwenye [tryhackme](https://tryhackme.com).

## Kufunga RPM
Katika sehemu ifuatayo, nitashughulikia kufunga shell ya nyuma ndani ya RPM kwa kutumia [fpm](https://github.com/jordansissel/fpm).

Mfano hapa chini unaunda kifurushi kinachojumuisha trigger ya kabla ya kufunga na script isiyo na mipaka ambayo inaweza kufafanuliwa na mshambuliaji. Wakati wa kufunga, kifurushi hiki kitatekeleza amri isiyo na mipaka. Nimeweka mfano rahisi wa shell ya nyuma ya netcat kwa ajili ya kuonyesha lakini hii inaweza kubadilishwa kama inavyohitajika.
```text
{% hint style="success" %}
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Support HackTricks</summary>

* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}
</details>
{% endhint %}
</details>
{% endhint %}
</details>
{% endhint %}
</details>
{% endhint %}
</details>
{% endhint %}
</details>
{% endhint %}
</details>
{% endhint %}
</details>
{% endhint %}
</details>
{% endhint %}
</details>
{% endhint %}hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

{% endhint %}
</details>
{% endhint %}
</details>
{% endhint %}
</details>
{% endhint %}
</details>
{% endhint %}
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie 2024-07-19 04:50:00 +00:00			`{% hint style="success" %}`
			`Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Training AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Training GCP Red Team Expert (GRTE)<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie 2024-07-19 04:50:00 +00:00			`<details>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie 2024-07-19 04:50:00 +00:00			`<summary>Support HackTricks</summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie 2024-07-19 04:50:00 +00:00			`* Check the [subscription plans](https://github.com/sponsors/carlospolop)!`
			`* Join the 💬 [Discord group](https://discord.gg/hRep4RUj7f) or the [telegram group](https://t.me/peass) or follow us on Twitter 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Share hacking tricks by submitting PRs to the [HackTricks](https://github.com/carlospolop/hacktricks) and [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repos.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie 2024-07-19 04:50:00 +00:00			`{% endhint %}`
			`{% endhint %}`
			`{% endhint %}`
			`{% endhint %}`
			`{% endhint %}`
			`{% endhint %}`
			`{% endhint %}`
			`{% endhint %}`
			`{% endhint %}`
			`{% endhint %}`
			`{% endhint %}`
			`{% endhint %}`
			`{% endhint %}`
			`{% endhint %}`
			`{% endhint %}`

			`Mifano zaidi kuhusu yum inaweza kupatikana kwenye [gtfobins](https://gtfobins.github.io/gtfobins/yum/).`

			`# Kutekeleza amri zisizo na mipaka kupitia RPM Packages`
			`## Kuangalia Mazingira`
			`Ili kutumia njia hii, mtumiaji lazima aweze kutekeleza amri za yum kama mtumiaji mwenye mamlaka ya juu, yaani, root.`

			`### Mfano unaofanya kazi wa njia hii`
			`Mfano unaofanya kazi wa exploit hii unaweza kupatikana katika chumba cha [daily bugle](https://tryhackme.com/room/dailybugle) kwenye [tryhackme](https://tryhackme.com).`

			`## Kufunga RPM`
			`Katika sehemu ifuatayo, nitashughulikia kufunga shell ya nyuma ndani ya RPM kwa kutumia [fpm](https://github.com/jordansissel/fpm).`

			`Mfano hapa chini unaunda kifurushi kinachojumuisha trigger ya kabla ya kufunga na script isiyo na mipaka ambayo inaweza kufafanuliwa na mshambuliaji. Wakati wa kufunga, kifurushi hiki kitatekeleza amri isiyo na mipaka. Nimeweka mfano rahisi wa shell ya nyuma ya netcat kwa ajili ya kuonyesha lakini hii inaweza kubadilishwa kama inavyohitajika.`
Add exploiting-yum page 2020-11-26 04:33:08 +00:00			```text
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie 2024-07-19 04:50:00 +00:00			`{% hint style="success" %}`
			`Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Training AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Training GCP Red Team Expert (GRTE)<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`<details>`

Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie 2024-07-19 04:50:00 +00:00			`<summary>Support HackTricks</summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie 2024-07-19 04:50:00 +00:00			`* Check the [subscription plans](https://github.com/sponsors/carlospolop)!`
			`* Join the 💬 [Discord group](https://discord.gg/hRep4RUj7f) or the [telegram group](https://t.me/peass) or follow us on Twitter 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Share hacking tricks by submitting PRs to the [HackTricks](https://github.com/carlospolop/hacktricks) and [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repos.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie 2024-07-19 04:50:00 +00:00			`</details>`
			`{% endhint %}`
			`</details>`
			`{% endhint %}`
			`</details>`
			`{% endhint %}`
			`</details>`
			`{% endhint %}`
			`</details>`
			`{% endhint %}`
			`</details>`
			`{% endhint %}`
			`</details>`
			`{% endhint %}`
			`</details>`
			`{% endhint %}`
			`</details>`
			`{% endhint %}`
			`</details>`
			`{% endhint %}`
			`</details>`
			`{% endhint %}hacking tricks by submitting PRs to the [HackTricks](https://github.com/carlospolop/hacktricks) and [HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie 2024-07-19 04:50:00 +00:00			`{% endhint %}`
			`</details>`
			`{% endhint %}`
			`</details>`
			`{% endhint %}`
			`</details>`
			`{% endhint %}`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00			`</details>`
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie 2024-07-19 04:50:00 +00:00			`{% endhint %}`