Thursday, March 9, 2023

Leveraging ssh-keygen for Arbitrary Execution (and Privilege Escalation)

TL;DR


The ssh-keygen command can be made to load a shared library with the -D flag. This can be useful for privilege escalation (described below), or to turn argument injection, file overwrites, etc. into arbitrary code execution. Proof of concept code can be found on my GitHub (and here is a list of other tools that can be leveraged in the same way).
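A detection-side example for the behaviour described above, added here and not taken from the original post or its proof of concept: it scans logged command lines for ssh-keygen invocations whose -D library is relative or lies outside an allowlist. The allowlisted directories, the function names and the sample records are assumptions constructed for illustration.

```python
import os
import shlex

# Assumption: directories where legitimate PKCS#11 modules live on this host.
TRUSTED_LIB_DIRS = ("/usr/lib", "/usr/lib64", "/usr/local/lib")

def keygen_library(cmdline):
    """Return the -D argument of an ssh-keygen invocation, or None."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes in the logged line
        return None
    # Skip wrappers (sudo, env): locate the ssh-keygen token itself.
    names = [os.path.basename(t) for t in argv]
    if "ssh-keygen" not in names:
        return None
    args = argv[names.index("ssh-keygen") + 1:]
    # Deliberately over-matches: any short-option token containing "D" counts,
    # so the attached form (-D/path) is caught as well as "-D /path".
    for j, tok in enumerate(args):
        if tok.startswith("-") and not tok.startswith("--") and "D" in tok:
            attached = tok[tok.index("D") + 1:]
            return attached or (args[j + 1] if j + 1 < len(args) else None)
    return None

def is_untrusted(lib):
    """True when the library path is relative or outside TRUSTED_LIB_DIRS."""
    if not os.path.isabs(lib):
        return True
    path = os.path.normpath(lib)  # collapses ../ so /usr/lib/../../tmp is caught
    return not any(path.startswith(d + "/") for d in TRUSTED_LIB_DIRS)

def suspicious(cmdlines):
    """Return (cmdline, library) pairs that warrant review."""
    pairs = ((line, keygen_library(line)) for line in cmdlines)
    return [(line, lib) for line, lib in pairs if lib and is_untrusted(lib)]

# Constructed sample process-execution records (not from the original post).
SAMPLE = [
    "ssh-keygen -t ed25519 -f /home/alice/.ssh/id_ed25519",
    "ssh-keygen -D /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so",
    "sudo /usr/bin/ssh-keygen -D ./lib.so",
    "ssh-keygen -D/usr/lib/../../tmp/x.so",
]

if __name__ == "__main__":
    for line, lib in suspicious(SAMPLE):
        print(f"REVIEW: {line!r} loads {lib!r}")
```

The path check is lexical only: symlinks are not resolved because the code works from logs rather than on the host, so a trusted directory that is writable by unprivileged users still needs a separate file-permission review.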