GithubHelp home page GithubHelp logo

hartl3y94 / pa-th-zuzu Goto Github PK

View Code? Open in Web Editor NEW

This project forked from shotokanzh/pa-th-zuzu

0.0 0.0 0.0 28 KB

Checks for PATH substitution vulnerabilities and logs the commands executed by the vulnerable executables

License: GNU General Public License v2.0

Shell 100.00%

pa-th-zuzu's Introduction

Pa(th)zuzu! (v1.6.9)

Checks for PATH substitution vulnerabilities, logs the commands executed by the vulnerable executables and injects a reverse shell with the permissions of the owner of the process.

#How to make it work

  • curl https://raw.githubusercontent.com/ShotokanZH/Pa-th-zuzu/master/pathzuzu.sh > pathzuzu.sh
  • chmod +x pathzuzu.sh
  • ./pathzuzu.sh
 __      /___    \ ___    ___
|__) /\ (  | |__| ) _//  \ _//  \|
|   /--\ \ | |  |/ /__\__//__\__/. v1.6.9

Usage: pathzuzu [-e command] [-r address:port] [-t seconds] command [args]
        -c              Check for updates (github)
        -e command      Execute command if target is vulnerable
        -r address:port Starts reverse shell to address:port
        -t seconds      Timeout. Kills target after $seconds seconds

Extra flags, requiring -e or -r:
        -g gid  Run command/r.shell only if the group is $gid
        -u uid  Run command/r.shell only if the user is $uid

Note: SUID files can bypass the -t flag, it's not a kill-proof solution.
Process may hang because of that.

Returns 0 if the executable is vulnerable, 1 otherwise.

Logs are saved in pathzuzu.sh.log ( $(basename "$0").log )

Demostration (warning: in asciinema on some [very tiny] devices the right part of the screen it's not viewable even while in landscape):

Pa(th)zuzu

pa-th-zuzu's People

Contributors

shotokanzh avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.