Privilege escalation using symlink



  • I am working on a "Hack me" challenge, I have access to apache account in the server, I tried to get root access, I run linpeas.sh script and linpeas didn't find anything special, however, there is a file /etc/profile.d/modules.csh which I have write permission on that

    However, this file is a symbolic link to another file (Which I don't have access to write on that)

    Can I do something with this symlink file? the contents of the symlink file is exactly the same as the file which it points to, what happen if I edit the contents of symlink file?

    and do you have any other idea for privilege escalation? (Note that Linpeas didn't find anything special)



  • From man symlink(2):

    The permissions of a symbolic link are irrelevant; the ownership is ignored when following the link

    So no, without write permissions on the file, you may not edit it.

    There is also not a "symlink file"; the symlink is just a pointer to another file.


Log in to reply
 

Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2