mirror of
https://github.com/HackTricks-wiki/hacktricks.git
synced 2025-10-10 18:36:50 +00:00
26 lines
1.0 KiB
Markdown
26 lines
1.0 KiB
Markdown
{{#include ../../banners/hacktricks-training.md}}
|
|
|
|
Further examples around yum can also be found on [gtfobins](https://gtfobins.github.io/gtfobins/yum/).
|
|
|
|
# Executing arbitrary commands via RPM Packages
|
|
|
|
## Checking the Environment
|
|
|
|
In order to leverage this vector the user must be able to execute yum commands as a higher privileged user, i.e. root.
|
|
|
|
### A working example of this vector
|
|
|
|
A working example of this exploit can be found in the [daily bugle](https://tryhackme.com/room/dailybugle) room on [tryhackme](https://tryhackme.com).
|
|
|
|
## Packing an RPM
|
|
|
|
In the following section, I will cover packaging a reverse shell into an RPM using [fpm](https://github.com/jordansissel/fpm).
|
|
|
|
The example below creates a package that includes a before-install trigger with an arbitrary script that can be defined by the attacker. When installed, this package will execute the arbitrary command. I've used a simple reverse netcat shell example for demonstration but this can be changed as necessary.
|
|
|
|
```text
|
|
|
|
```
|
|
|
|
{{#include ../../banners/hacktricks-training.md}}
|