I have been trying to do the linux privilege escalation python library hijacking module. Something seems to not be working for me as when I attempt to run the mem_status.py with the modified psutil function as sudo it says that I do not have permission although when I do sudo -l it says that I do.
1 Like
Ok, I just tried it again after waiting for awhile and now I can use sudo. I have no idea why I could not to begin with but it works now so thatâs cool.
1 Like
Hi, did you get the root as well? Somehow, by following all the instructions on the page, I canât get mem_status.py to run as root. I wonder, whatâs the catch here?
1 Like
yeah I just followed what it said and made a reverse shell using Coding A Reverse Shell In Python In 10 Lines Or Less - LinuxForDevices
you can use any python shell code though
Very weird. Iâm getting that same old âSorry, user htb-student is not allowedâŚâ sudo denial no matter what I do. All those tricks including reverse shells work perfectly without sudo (and without privileges of course). Oh well, I guess Iâll just pick another fun module until this one is ironed out. Thanks anyway.
1 Like
Iâm here too. I canât even find a directory with write permissions for psutil to write
1 Like
where did you change psutil?
Solved. This help me.Privilege Escalation via Python Library Hijacking | rastating.github.io
1 Like
Just worked this one out.
Change the command to:
sudo /usr/bin/python3 ~/mem_status.py
5 Likes
This one took me ages to figure out.
As mentioned by others above, none of the directories listed in the tutorial are writable by the htb-student user. You also do not get SETENV permissions with sudo. You also do not have write access to the init.py script in the psutil folder. Given all of that, you cannot actually do any single one of the things listed in the writeup.
The solution:
There is one other directory that the script will apparently check for psutil in: the directory that mem_status.py resides in. Create a new psutil.py, and run the program with sudo.
5 Likes
Keep in mind that the commands that are listed when you type âsudo -lâ that have things like NOPASSWD: before them have to be typed as theyâre written. So even if youâre in the directory of the mem_status.py you still need to specify the path. This is what hung me up.
3 Likes
This became overly complicated due to one key information NOT being mentioned.
you can pretty much do a two line code:
Summary
import os
os.system('cat path/to/file')
But when you execute, you need to mentioned the full path of the python library and full path to where the executable file is or use [~]
The HTB example of using a [.] before the slash is misleading intentionally or unintentionally.
1 Like
Whoever can help me with understanding situation in this module. I am trying run python with custom PATHPYTHON and return error from sudo? Does it change version of sudo or configuration sudo, or may my mistake? I donât understand why in example provided in this module doesnât work for me. Thanks.
htb-student@ubuntu:~$ sudo PYTHONPATH=/tmp/ /usr/bin/python3 /home/htb-student/mem_status.py
sudo: sorry, you are not allowed to set the following environment variables: PYTHONPATH
because htb-student doesnt have SETENV permission.
all you have to do is hijack the virtual.memory function on psutil.py in current python environtment
Hi
How to find the directory, where python looking for modules?
I checked all directories, got from python3 -c âimport sys; print(â\nâ.join(sys.path))â, they all without write permissions.
I literally just started laughing. Mostly at myself just now. Thanks! I was getting so mad that it was running everything as htb-student and kept telling me I was not able to run as sudo. I was hunting for packages and looking for others that I might be able to exploit. I am sure I will get this done in a couple minutes now.