hosting image

Pentest (read any file) treport – Priv escalation

misconfiguration can led to r00t too..

 

Situation:

  • ssh connection or reverse shell.
  • /bin/treport (threat report system)

executing

sudo -l

 

result :


P0c: Reading any file with root priv in the system using option 3 (Download Threat Report)

File:///etc/shadow

 

Then reading it with option 2 (Read Threat Report)


Leave a Reply

Your email address will not be published.