This is a Python script that exploits wget when it has the SUID bit set and overwrites the root password.

lil-skelly/wget-root

Wget-Root

⚠️ Warning: This script is completely for white hat activities. I do not claim any responsibility for the damage it may cause if used for offensive purposes.

If the wget binary has the SUID bit set, it does not drop the elevated privileges and may be abused to access the file system. It may be used to do privileged writes or write files outside a restricted file system. This script automates the rewriting of the passwd file of the victim's machine.

Usage

First, copy the victim's /etc/passwd or /etc/hosts file (depending on your attack surface) to your host machine using the following command: scp user@host:/etc/passwd .
( ⚠️ Be careful when typing the file's destination and don't overwrite your own /etc/passwd file)
After copying the victim's /etc/passwd file, it is time to run the exploit.
( ⚠️ You will need to run the exploit with sudo, since root privileges are needed to modify the victim's /etc/passwd file)

The script will poison the given file and host it on the web using a custom HTTP server. Dynamic instructions will also be printed on the command line during the exploit's execution, as shown in the picture below. The password for the root user is simply root.

Proof Of Concept Video
Screenshot 2022-08-01 11:01:30

TryHackMe has an awesome machine that lets you play with this exploit.
⚠️ Solving CTFs with others' exploits just kills the fun. Using this exploit to solve the CTF above is not recommended for beginners in the world of IT. More advanced users are welcome to use this exploit to automatically solve the CTF listed above for fun or for testing purposes.
