TL;DR
The ssh-keygen
command can be used to load a shared library with the -D
flag. This can be useful for privilege escalation (described below), or to
translate to arbitrary code execution from argument injection, file overwrites, etc. Proof of concept code can be found on my
GitHub (and
here is a
list of other tools that can be leveraged in the same way).
