http://t0x1n.cc/tags/python/Recent content in Python on t0x1nHugoen-usSun, 31 Mar 2024 10:00:00 +0530http://t0x1n.cc/posts/pip-malicious-commands/Sun, 31 Mar 2024 10:00:00 +0530http://t0x1n.cc/posts/pip-malicious-commands/<p>So, recently I was solving a hacktheboox room OnlyForYou and I got the user flag but I was struggling to get the root flag. User had this previlage to run as sudo.</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="o">(</span>root<span class="o">)</span> NOPASSWD: /usr/bin/pip3 download http<span class="se">\:</span>//127.0.0.1<span class="se">\:</span>3000/*.tar.gz </span></span></code></pre></div><p><img src="http://t0x1n.cc/images/pip-malicious-blog/pip-exploit.png" alt="Sudo pip privilege showing download permission" title="Sudo permission to run pip download"></p> <p>But I had never seen a malicious use of pip before so I started doing research. And I founf some interesting stuffs.</p>