O
O
OSCP Notes
Search
K
Comment on page

ifcf-<whatever> script to /etc/sysconfig/network-scripts

If, for whatever reason, a user is able to write an ifcf- script to /etc/sysconfig/network-scripts or it can adjust an existing one, then your system in pwned.
For example:
/etc/sysconfig/network-scripts/ifcfg-1337
NAME=Network /bin/id <= Note the blank space
ONBOOT=yes
DEVICE=eth0
In my case, the NAME= attributed in these network scripts is not handled correctly. If you have white/blank space in
the name the system tries to execute the part after the white/blank space. Which means; everything after the first
blank space is executed as root.
you can just run the script with sudo and do something like "Network bash" to get root.