Skip to content

Checks for PATH substitution vulnerabilities and logs the commands executed by the vulnerable executables

License

Notifications You must be signed in to change notification settings

ShotokanZH/Pa-th-zuzu

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

64 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Pa(th)zuzu! (v1.6.9)

Checks for PATH substitution vulnerabilities, logs the commands executed by the vulnerable executables and injects a reverse shell with the permissions of the owner of the process.

#How to make it work

  • curl https://raw.githubusercontent.com/ShotokanZH/Pa-th-zuzu/master/pathzuzu.sh > pathzuzu.sh
  • chmod +x pathzuzu.sh
  • ./pathzuzu.sh
 __      /___    \ ___    ___
|__) /\ (  | |__| ) _//  \ _//  \|
|   /--\ \ | |  |/ /__\__//__\__/. v1.6.9

Usage: pathzuzu [-e command] [-r address:port] [-t seconds] command [args]
        -c              Check for updates (github)
        -e command      Execute command if target is vulnerable
        -r address:port Starts reverse shell to address:port
        -t seconds      Timeout. Kills target after $seconds seconds

Extra flags, requiring -e or -r:
        -g gid  Run command/r.shell only if the group is $gid
        -u uid  Run command/r.shell only if the user is $uid

Note: SUID files can bypass the -t flag, it's not a kill-proof solution.
Process may hang because of that.

Returns 0 if the executable is vulnerable, 1 otherwise.

Logs are saved in pathzuzu.sh.log ( $(basename "$0").log )

Demostration (warning: in asciinema on some [very tiny] devices the right part of the screen it's not viewable even while in landscape):

Pa(th)zuzu

About

Checks for PATH substitution vulnerabilities and logs the commands executed by the vulnerable executables

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages