Path Abuse

env | grep PATH or echo $PATH.

echo $PATH

/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games

If we can modify a user's path, we could replace a common binary such as ls with a malicious script such as a reverse shell. If we add . to the path by issuing the command PATH=.:$PATH and then export PATH, we will be able to run binaries located in our current working directory by just typing the name of the file

~$ PATH=.:${PATH}
~$ export PATH
~$ echo $PATH

.:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games

~$ touch ls
~$ echo 'echo "PATH ABUSE!!"' > ls
~$ chmod +x ls

~$ ls

PATH ABUSE!!

References

Linux Privilege Escalation Using PATH Variable - Hacking ArticlesHacking Articles

Linux Privilege Escalation using PATH Variable manipulationMedium

PreviousCredentials Hunting NextWildcard Abuse

Last updated 3 months ago