Privilege escalation using symlink

Question

I am working on a "Hack me" challenge, I have access to apache account in the server, I tried to get root access, I run linpeas.sh script and linpeas didn't find anything special, however, there is a file /etc/profile.d/modules.csh which I have write permission on that

However, this file is a symbolic link to another file (Which I don't have access to write on that)

Can I do something with this symlink file? the contents of the symlink file is exactly the same as the file which it points to, what happen if I edit the contents of symlink file?

and do you have any other idea for privilege escalation? (Note that Linpeas didn't find anything special)

Do not vandalise your posts – schroeder Apr 10 '21 at 10:34 — schroeder, Apr 10 '21 at 10:34

score 3 · Answer 1 · answered Apr 09 '21 at 18:37

3

From man symlink(2):

The permissions of a symbolic link are irrelevant; the ownership is ignored when following the link

So no, without write permissions on the file, you may not edit it.

There is also not a "symlink file"; the symlink is just a pointer to another file.

answered Apr 09 '21 at 18:37

multithr3at3d

12,355
3
29
42

Thanks, do you have any other idea for privilege escalation? – Sania Sadian Apr 09 '21 at 19:02
kernel exploit! – john doe Apr 09 '21 at 19:49
@SaniaSadian no, that cannot be answered without knowing basically everything about the target system. There are too many possible ways. – multithr3at3d Apr 10 '21 at 03:00

Privilege escalation using symlink

1 Answers1