InfoSec LAB

/opt/tmp.py

${debian_chroot:+($debian_chroot)}mindy@solidstate:/opt$ ls -la
total 16
drwxr-xr-x  3 root root 4096 Aug 22  2017 .
drwxr-xr-x 22 root root 4096 May 27  2022 ..
drwxr-xr-x 11 root root 4096 Apr 26  2021 james-2.3.2
-rwxrwxrwx  1 root root  105 Aug 22  2017 tmp.py

There is a Python script;/opt/tmp.py It’s owned by root, and more importantly.. WRITABLE

${debian_chroot:+($debian_chroot)}mindy@solidstate:/opt$ cat tmp.py

#!/usr/bin/env python
import os
import sys
try:
     os.system('rm -r /tmp/* ')
except:
     sys.exit()

The script is a simple Python script that uses the os module to remove everything at the /tmp/ directory

I wonder what this is. This was not in the SUID binaries.

InfoSec LAB

Explorer

SolidState_Post_Enumeration

/opt/tmp.py

Interactive Graph View

Backlinks