{{#include ../../banners/hacktricks-training.md}}

Further examples around yum can also be found on [gtfobins](https://gtfobins.github.io/gtfobins/yum/).

# Executing arbitrary commands via RPM Packages

## Checking the Environment

In order to leverage this vector the user must be able to execute yum commands as a higher privileged user, i.e. root.

### A working example of this vector

A working example of this exploit can be found in the [daily bugle](https://tryhackme.com/room/dailybugle) room on [tryhackme](https://tryhackme.com).

## Packing an RPM

In the following section, I will cover packaging a reverse shell into an RPM using [fpm](https://github.com/jordansissel/fpm).

The example below creates a package that includes a before-install trigger with an arbitrary script that can be defined by the attacker. When installed, this package will execute the arbitrary command. I've used a simple reverse netcat shell example for demonstration but this can be changed as necessary.

```text

```

{{#include ../../banners/hacktricks-training.md}}