Skip to content

Latest commit

 

History

History
28 lines (18 loc) · 650 Bytes

README.md

File metadata and controls

28 lines (18 loc) · 650 Bytes

FakePip

Exploit sudoer with /usr/bin/pip install *

How to use

Simply download the setup.py file into remote target and execute this in local folder:

sudo /usr/bin/pip install . --upgrade --force-reinstall

Demonstration

Screenshot

Download the setup.py file into remote target

Screenshot

And execute the following command:

Screenshot

Then we get our shell back!

Screenshot

Author

This code is developed and maintained (if possible) by Andre Marques (@zc00l) Any misuse is not the author responsibility.