{"id":1513,"date":"2021-04-22T20:40:00","date_gmt":"2021-04-22T18:40:00","guid":{"rendered":"https:\/\/mikadmin.fr\/blog\/?p=1513"},"modified":"2021-09-19T11:00:30","modified_gmt":"2021-09-19T09:00:30","slug":"linux-privilege-escalation-python-library-hijacking","status":"publish","type":"post","link":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-python-library-hijacking\/","title":{"rendered":"Linux Privilege Escalation : Python Library Hijacking"},"content":{"rendered":"<span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\"><\/span> <span class=\"rt-time\"> 3<\/span> <span class=\"rt-label rt-postfix\">min read<\/span><\/span><p>Views: 3836<\/p>\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" src=\"https:\/\/www.aldeid.com\/w\/images\/b\/bd\/Ctf-tryhackme-Common-Linux-Privesc-tree.png\" alt=\"python library hijacking\"\/><figcaption><a href=\"https:\/\/tryhackme.com\/room\/commonlinuxprivesc\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/tryhackme.com\/room\/commonlinuxprivesc<\/a><\/figcaption><\/figure><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Dans cet article, nous allons passer d&rsquo;un <strong>utilisateur lambda<\/strong> sans droits \u00e0 l&rsquo;<strong>utilisateur <span style=\"color:#cf2e2e\" class=\"tadv-color\">root<\/span><\/strong> \u00e0 l&rsquo;aide d&rsquo;un <strong>script <span style=\"color:#00d084\" class=\"tadv-color\"><a href=\"https:\/\/mikadmin.fr\/blog\/bien-debuter-en-python\/\" target=\"_blank\" rel=\"noreferrer noopener\">python<\/a><\/span><\/strong> et de la technique \u00ab\u00a0<strong>python library hijacking<\/strong>\u00ab\u00a0.<\/p>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<p class=\"has-text-align-center\" style=\"font-size:38px\"><strong>Python Library Hijacking :<\/strong><\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Le contexte de cet exemple est tr\u00e8s simple, nous avons un utilisateur <strong><span style=\"color:#0693e3\" class=\"tadv-color\">simple_user<\/span><\/strong> qui apr\u00e8s v\u00e9rification peut lancer le script <strong><span style=\"color:#00d084\" class=\"tadv-color\">example.py<\/span><\/strong> \u00e0 l&rsquo;aide de <strong><span style=\"color:#9b51e0\" class=\"tadv-color\">sudo<\/span><\/strong> :<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"970\" height=\"179\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image.png\" alt=\"\" class=\"wp-image-1518\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image.png 970w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image-300x55.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image-150x28.png 150w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image-768x142.png 768w\" sizes=\"auto, (max-width: 970px) 100vw, 970px\" \/><\/figure><\/div>\n\n\n\n<div style=\"height:15px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Cependant ce n&rsquo;est pas aussi facile que \u00e7a \u00e9tant donn\u00e9 que nous n&rsquo;avons pas les droits d&rsquo;\u00e9criture sur ce dernier !<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"435\" height=\"126\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image-1.png\" alt=\"\" class=\"wp-image-1519\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image-1.png 435w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image-1-300x87.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image-1-150x43.png 150w\" sizes=\"auto, (max-width: 435px) 100vw, 435px\" \/><\/figure><\/div>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Mais comment faire pour <strong><span style=\"color:#cf2e2e\" class=\"tadv-color\">bypass<\/span><\/strong> dans ce cas l\u00e0 ?<\/p>\n\n\n\n<div style=\"height:15px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Il faut regarder en d\u00e9tail notre fameux script, qui \u00e0 titre d&rsquo;exemple importe le <strong>module random<\/strong> et g\u00e9n\u00e8re une liste de nombre entre 10 et 30 et nous l&rsquo;affiche :<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"394\" height=\"202\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image-2.png\" alt=\"\" class=\"wp-image-1520\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image-2.png 394w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image-2-300x154.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image-2-150x77.png 150w\" sizes=\"auto, (max-width: 394px) 100vw, 394px\" \/><\/figure><\/div>\n\n\n\n<div style=\"height:15px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">La m\u00e9thode de cet article repose sur le fait que nous allons pouvoir <strong>\u00e9crire notre propre module random<\/strong> mais qui sera bien s\u00fbr malicieux et nous permettra donc de passer root.<\/p>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">En effet, en cr\u00e9ant un fichier <strong><span style=\"color:#00d084\" class=\"tadv-color\">random.py<\/span><\/strong> dans le chemin <strong><span style=\"color:#ff6900\" class=\"tadv-color\">\/home\/simple_user\/<\/span><\/strong> python va prioriser l&rsquo;ex\u00e9cution de ce module \u00e0 la place du chemin habituel que l&rsquo;on peut retrouver avec la commande :<\/p>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-bash\" data-line=\"\">python3 -c &#039;import sys; print(&quot;\\n&quot;.join(sys.path))&#039;<\/code><\/pre>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"541\" height=\"184\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image-3.png\" alt=\"\" class=\"wp-image-1523\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image-3.png 541w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image-3-300x102.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image-3-150x51.png 150w\" sizes=\"auto, (max-width: 541px) 100vw, 541px\" \/><\/figure><\/div>\n\n\n\n<div style=\"height:15px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">C&rsquo;est donc parti pour la cr\u00e9ation de notre \u00ab\u00a0module\u00a0\u00bb dans <strong><span style=\"color:#ff6900\" class=\"tadv-color\">\/home\/simple_user\/<\/span><\/strong> :<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"299\" height=\"183\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image-4.png\" alt=\"\" class=\"wp-image-1525\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image-4.png 299w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image-4-150x92.png 150w\" sizes=\"auto, (max-width: 299px) 100vw, 299px\" \/><\/figure><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Une fois le module os import\u00e9 nous mettons le<strong> <span style=\"color:#cf2e2e\" class=\"tadv-color\">bit SUID<\/span><\/strong> sur le binaire <strong>bash<\/strong>.<\/p>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Il est d\u00e9sormais temps d&rsquo;ex\u00e9cuter le script afin qu&rsquo;il fasse appel \u00e0 notre module :<\/p>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-bash\" data-line=\"\">sudo \/usr\/bin\/python3 \/home\/simple_user\/example.py<\/code><\/pre>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"502\" height=\"164\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image-5.png\" alt=\"\" class=\"wp-image-1526\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image-5.png 502w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image-5-300x98.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image-5-150x49.png 150w\" sizes=\"auto, (max-width: 502px) 100vw, 502px\" \/><\/figure><\/div>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<div style=\"height:15px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Apr\u00e8s v\u00e9rification du fichier<strong> \/bin\/bash<\/strong> nous pouvons voir la r\u00e9ussite du processus !<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"464\" height=\"106\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image-6.png\" alt=\"\" class=\"wp-image-1527\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image-6.png 464w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image-6-300x69.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image-6-150x34.png 150w\" sizes=\"auto, (max-width: 464px) 100vw, 464px\" \/><\/figure><\/div>\n\n\n\n<div style=\"height:15px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-text-align-center has-medium-font-size\">Il suffit \u00e0 pr\u00e9sent d&rsquo;ex\u00e9cuter la commande :<\/p>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\"><code class=\"language-bash\" data-line=\"\">\/bin\/bash -p<\/code><\/pre>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"842\" height=\"193\" src=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image-7.png\" alt=\"\" class=\"wp-image-1528\" srcset=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image-7.png 842w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image-7-300x69.png 300w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image-7-150x34.png 150w, https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/image-7-768x176.png 768w\" sizes=\"auto, (max-width: 842px) 100vw, 842px\" \/><\/figure><\/div>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n","protected":false},"excerpt":{"rendered":"<p><span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\"><\/span> <span class=\"rt-time\"> 3<\/span> <span class=\"rt-label rt-postfix\">min read<\/span><\/span>Linux Privilege Escalation with Python Library Hijacking.<\/p>\n<p>Python will prioritize the execution of our malicious module instead of the usual path <a href=\"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-python-library-hijacking\/\" class=\"more-link\">Continuer la lecture <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":1516,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_themeisle_gutenberg_block_has_review":false,"footnotes":""},"categories":[4,3],"tags":[21,5,9,45,15],"class_list":["post-1513","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-infosec","category-system","tag-ctf","tag-infosec","tag-linux","tag-pentest","tag-python"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.8 - aioseo.com -->\n\t<meta name=\"description\" content=\"Linux Privilege Escalation with Python Library Hijacking. Python will prioritize the execution of our malicious module instead of the usual path.\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"Mika\"\/>\n\t<meta name=\"keywords\" content=\"linux,pentest,python library hijacking,ctf,python,hacking,linux privilege escalation,privesc,infosec,system\" \/>\n\t<link rel=\"canonical\" href=\"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-python-library-hijacking\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.8\" \/>\n\t\t<meta property=\"og:locale\" content=\"fr_FR\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Mika&#039;s Blog | Sysadmin, Network &amp; Infosec\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"Linux Privilege Escalation : Python Library Hijacking\" \/>\n\t\t<meta property=\"og:description\" content=\"Linux Privilege Escalation with Python Library Hijacking. Python will prioritize the execution of our malicious module instead of the usual path.\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-python-library-hijacking\/\" \/>\n\t\t<meta property=\"og:image\" content=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/acf53a547a8e5db69aec7fed0d7a5ee6b7d643e5_2_517x329-e1619112806212.jpeg\" \/>\n\t\t<meta property=\"og:image:secure_url\" content=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/acf53a547a8e5db69aec7fed0d7a5ee6b7d643e5_2_517x329-e1619112806212.jpeg\" \/>\n\t\t<meta property=\"og:image:width\" content=\"175\" \/>\n\t\t<meta property=\"og:image:height\" content=\"111\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2021-04-22T18:40:00+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2021-09-19T09:00:30+00:00\" \/>\n\t\t<meta property=\"article:author\" content=\"mikadmin\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary\" \/>\n\t\t<meta name=\"twitter:title\" content=\"Linux Privilege Escalation : Python Library Hijacking\" \/>\n\t\t<meta name=\"twitter:description\" content=\"Linux Privilege Escalation with Python Library Hijacking. Python will prioritize the execution of our malicious module instead of the usual path.\" \/>\n\t\t<meta name=\"twitter:creator\" content=\"@mika_sec\" \/>\n\t\t<meta name=\"twitter:image\" content=\"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/acf53a547a8e5db69aec7fed0d7a5ee6b7d643e5_2_517x329-e1619112806212.jpeg\" \/>\n\t\t<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t\t<meta name=\"twitter:data1\" content=\"Mika\" \/>\n\t\t<meta name=\"twitter:label2\" content=\"Estimation du temps de lecture\" \/>\n\t\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/linux-privilege-escalation-python-library-hijacking\\\/#article\",\"name\":\"Linux Privilege Escalation : Python Library Hijacking\",\"headline\":\"Linux Privilege Escalation : Python Library Hijacking\",\"author\":{\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/author\\\/mikadmin\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/#organization\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/acf53a547a8e5db69aec7fed0d7a5ee6b7d643e5_2_517x329-e1619112806212.jpeg\",\"width\":175,\"height\":111},\"datePublished\":\"2021-04-22T20:40:00+02:00\",\"dateModified\":\"2021-09-19T11:00:30+02:00\",\"inLanguage\":\"fr-FR\",\"commentCount\":5,\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/linux-privilege-escalation-python-library-hijacking\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/linux-privilege-escalation-python-library-hijacking\\\/#webpage\"},\"articleSection\":\"infosec, system, ctf, infosec, linux, pentest, python\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/linux-privilege-escalation-python-library-hijacking\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/mikadmin.fr\\\/blog\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/category\\\/system\\\/#listItem\",\"name\":\"system\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/category\\\/system\\\/#listItem\",\"position\":2,\"name\":\"system\",\"item\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/category\\\/system\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/linux-privilege-escalation-python-library-hijacking\\\/#listItem\",\"name\":\"Linux Privilege Escalation : Python Library Hijacking\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/linux-privilege-escalation-python-library-hijacking\\\/#listItem\",\"position\":3,\"name\":\"Linux Privilege Escalation : Python Library Hijacking\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/category\\\/system\\\/#listItem\",\"name\":\"system\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/#organization\",\"name\":\"Mika's Blog\",\"description\":\"Sysadmin, Network & Infosec\",\"url\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/10\\\/favicon.ico\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/linux-privilege-escalation-python-library-hijacking\\\/#organizationLogo\",\"width\":16,\"height\":16},\"image\":{\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/linux-privilege-escalation-python-library-hijacking\\\/#organizationLogo\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/author\\\/mikadmin\\\/#author\",\"url\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/author\\\/mikadmin\\\/\",\"name\":\"Mika\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/linux-privilege-escalation-python-library-hijacking\\\/#authorImage\",\"url\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/10\\\/qV4LCrel_400x400-1-150x150.jpg\",\"width\":96,\"height\":96,\"caption\":\"Mika\"},\"sameAs\":[\"mikadmin\",\"https:\\\/\\\/twitter.com\\\/mika_sec\"]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/linux-privilege-escalation-python-library-hijacking\\\/#webpage\",\"url\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/linux-privilege-escalation-python-library-hijacking\\\/\",\"name\":\"Linux Privilege Escalation : Python Library Hijacking\",\"description\":\"Linux Privilege Escalation with Python Library Hijacking. Python will prioritize the execution of our malicious module instead of the usual path.\",\"inLanguage\":\"fr-FR\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/linux-privilege-escalation-python-library-hijacking\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/author\\\/mikadmin\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/author\\\/mikadmin\\\/#author\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/acf53a547a8e5db69aec7fed0d7a5ee6b7d643e5_2_517x329-e1619112806212.jpeg\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/linux-privilege-escalation-python-library-hijacking\\\/#mainImage\",\"width\":175,\"height\":111},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/linux-privilege-escalation-python-library-hijacking\\\/#mainImage\"},\"datePublished\":\"2021-04-22T20:40:00+02:00\",\"dateModified\":\"2021-09-19T11:00:30+02:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/\",\"name\":\"Mika's Blog\",\"description\":\"Sysadmin, Network & Infosec\",\"inLanguage\":\"fr-FR\",\"publisher\":{\"@id\":\"https:\\\/\\\/mikadmin.fr\\\/blog\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"Linux Privilege Escalation : Python Library Hijacking","description":"Linux Privilege Escalation with Python Library Hijacking. Python will prioritize the execution of our malicious module instead of the usual path.","canonical_url":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-python-library-hijacking\/","robots":"max-image-preview:large","keywords":"linux,pentest,python library hijacking,ctf,python,hacking,linux privilege escalation,privesc,infosec,system","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-python-library-hijacking\/#article","name":"Linux Privilege Escalation : Python Library Hijacking","headline":"Linux Privilege Escalation : Python Library Hijacking","author":{"@id":"https:\/\/mikadmin.fr\/blog\/author\/mikadmin\/#author"},"publisher":{"@id":"https:\/\/mikadmin.fr\/blog\/#organization"},"image":{"@type":"ImageObject","url":"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/acf53a547a8e5db69aec7fed0d7a5ee6b7d643e5_2_517x329-e1619112806212.jpeg","width":175,"height":111},"datePublished":"2021-04-22T20:40:00+02:00","dateModified":"2021-09-19T11:00:30+02:00","inLanguage":"fr-FR","commentCount":5,"mainEntityOfPage":{"@id":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-python-library-hijacking\/#webpage"},"isPartOf":{"@id":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-python-library-hijacking\/#webpage"},"articleSection":"infosec, system, ctf, infosec, linux, pentest, python"},{"@type":"BreadcrumbList","@id":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-python-library-hijacking\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/mikadmin.fr\/blog#listItem","position":1,"name":"Home","item":"https:\/\/mikadmin.fr\/blog","nextItem":{"@type":"ListItem","@id":"https:\/\/mikadmin.fr\/blog\/category\/system\/#listItem","name":"system"}},{"@type":"ListItem","@id":"https:\/\/mikadmin.fr\/blog\/category\/system\/#listItem","position":2,"name":"system","item":"https:\/\/mikadmin.fr\/blog\/category\/system\/","nextItem":{"@type":"ListItem","@id":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-python-library-hijacking\/#listItem","name":"Linux Privilege Escalation : Python Library Hijacking"},"previousItem":{"@type":"ListItem","@id":"https:\/\/mikadmin.fr\/blog#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-python-library-hijacking\/#listItem","position":3,"name":"Linux Privilege Escalation : Python Library Hijacking","previousItem":{"@type":"ListItem","@id":"https:\/\/mikadmin.fr\/blog\/category\/system\/#listItem","name":"system"}}]},{"@type":"Organization","@id":"https:\/\/mikadmin.fr\/blog\/#organization","name":"Mika's Blog","description":"Sysadmin, Network & Infosec","url":"https:\/\/mikadmin.fr\/blog\/","logo":{"@type":"ImageObject","url":"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/favicon.ico","@id":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-python-library-hijacking\/#organizationLogo","width":16,"height":16},"image":{"@id":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-python-library-hijacking\/#organizationLogo"}},{"@type":"Person","@id":"https:\/\/mikadmin.fr\/blog\/author\/mikadmin\/#author","url":"https:\/\/mikadmin.fr\/blog\/author\/mikadmin\/","name":"Mika","image":{"@type":"ImageObject","@id":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-python-library-hijacking\/#authorImage","url":"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2020\/10\/qV4LCrel_400x400-1-150x150.jpg","width":96,"height":96,"caption":"Mika"},"sameAs":["mikadmin","https:\/\/twitter.com\/mika_sec"]},{"@type":"WebPage","@id":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-python-library-hijacking\/#webpage","url":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-python-library-hijacking\/","name":"Linux Privilege Escalation : Python Library Hijacking","description":"Linux Privilege Escalation with Python Library Hijacking. Python will prioritize the execution of our malicious module instead of the usual path.","inLanguage":"fr-FR","isPartOf":{"@id":"https:\/\/mikadmin.fr\/blog\/#website"},"breadcrumb":{"@id":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-python-library-hijacking\/#breadcrumblist"},"author":{"@id":"https:\/\/mikadmin.fr\/blog\/author\/mikadmin\/#author"},"creator":{"@id":"https:\/\/mikadmin.fr\/blog\/author\/mikadmin\/#author"},"image":{"@type":"ImageObject","url":"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/acf53a547a8e5db69aec7fed0d7a5ee6b7d643e5_2_517x329-e1619112806212.jpeg","@id":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-python-library-hijacking\/#mainImage","width":175,"height":111},"primaryImageOfPage":{"@id":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-python-library-hijacking\/#mainImage"},"datePublished":"2021-04-22T20:40:00+02:00","dateModified":"2021-09-19T11:00:30+02:00"},{"@type":"WebSite","@id":"https:\/\/mikadmin.fr\/blog\/#website","url":"https:\/\/mikadmin.fr\/blog\/","name":"Mika's Blog","description":"Sysadmin, Network & Infosec","inLanguage":"fr-FR","publisher":{"@id":"https:\/\/mikadmin.fr\/blog\/#organization"}}]},"og:locale":"fr_FR","og:site_name":"Mika's Blog | Sysadmin, Network &amp; Infosec","og:type":"article","og:title":"Linux Privilege Escalation : Python Library Hijacking","og:description":"Linux Privilege Escalation with Python Library Hijacking. Python will prioritize the execution of our malicious module instead of the usual path.","og:url":"https:\/\/mikadmin.fr\/blog\/linux-privilege-escalation-python-library-hijacking\/","og:image":"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/acf53a547a8e5db69aec7fed0d7a5ee6b7d643e5_2_517x329-e1619112806212.jpeg","og:image:secure_url":"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/acf53a547a8e5db69aec7fed0d7a5ee6b7d643e5_2_517x329-e1619112806212.jpeg","og:image:width":175,"og:image:height":111,"article:published_time":"2021-04-22T18:40:00+00:00","article:modified_time":"2021-09-19T09:00:30+00:00","article:author":"mikadmin","twitter:card":"summary","twitter:title":"Linux Privilege Escalation : Python Library Hijacking","twitter:description":"Linux Privilege Escalation with Python Library Hijacking. Python will prioritize the execution of our malicious module instead of the usual path.","twitter:creator":"@mika_sec","twitter:image":"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/acf53a547a8e5db69aec7fed0d7a5ee6b7d643e5_2_517x329-e1619112806212.jpeg","twitter:label1":"\u00c9crit par","twitter:data1":"Mika","twitter:label2":"Estimation du temps de lecture","twitter:data2":"1 minute"},"aioseo_meta_data":{"post_id":"1513","title":"#post_title","description":"Linux Privilege Escalation with Python Library Hijacking. Python will prioritize the execution of our malicious module instead of the usual path.","keywords":[{"label":"linux","value":"linux"},{"label":"pentest","value":"pentest"},{"label":"python library hijacking","value":"python library hijacking"},{"label":"ctf","value":"ctf"},{"label":"python","value":"python"},{"label":"hacking","value":"hacking"},{"label":"linux privilege escalation","value":"linux privilege escalation"},{"label":"privesc","value":"privesc"}],"keyphrases":{"focus":{"keyphrase":"python library hijacking","score":100,"analysis":{"keyphraseInTitle":{"title":"Focus Keyphrase in SEO title","description":"Focus Keyphrase found in SEO title.","score":9,"maxScore":9,"error":0},"keyphraseInDescription":{"title":"Focus keyphrase in meta description","description":"Focus keyphrase found in meta description.","score":9,"maxScore":9,"error":0},"keyphraseInURL":{"title":"Focus Keyphrase in URL","description":"Focus Keyphrase used in the URL.","score":5,"maxScore":5,"error":0},"keyphraseLength":{"title":"Focus keyphrase length","description":"Good job!","score":9,"maxScore":9,"error":0,"length":3},"keyphraseInIntroduction":{"title":"Focus keyphrase in introduction","description":"Your Focus keyphrase appears in the first paragraph. Well done!","score":9,"maxScore":9,"error":0},"keyphraseInSubHeadings":[],"keyphraseInImageAlt":{"title":"Focus keyphrase in image alt attributes","description":"Focus keyphrase found in image alt attribute(s).","score":9,"maxScore":9,"error":0}}},"additional":[]},"primary_term":null,"canonical_url":null,"og_title":"#post_title","og_description":"Linux Privilege Escalation with Python Library Hijacking. Python will prioritize the execution of our malicious module instead of the usual path.","og_object_type":"default","og_image_type":"custom_image","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":"https:\/\/mikadmin.fr\/blog\/wp-content\/uploads\/2021\/04\/acf53a547a8e5db69aec7fed0d7a5ee6b7d643e5_2_517x329-e1619112806212.jpeg","og_image_custom_fields":null,"og_video":"","og_custom_url":null,"og_article_section":null,"og_article_tags":[],"twitter_use_og":true,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":"#post_title","twitter_description":"Linux Privilege Escalation with Python Library Hijacking. Python will prioritize the execution of our malicious module instead of the usual path.","schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"","isEnabled":true},"graphs":[],"defaultGraph":"Article","defaultPostTypeGraph":""},"schema_type":"default","schema_type_options":"{\"article\":{\"articleType\":\"BlogPosting\"},\"course\":{\"name\":\"\",\"description\":\"\",\"provider\":\"\"},\"faq\":{\"pages\":[]},\"product\":{\"reviews\":[]},\"recipe\":{\"ingredients\":[],\"instructions\":[],\"keywords\":[]},\"software\":{\"reviews\":[],\"operatingSystems\":[]},\"webPage\":{\"webPageType\":\"WebPage\"}}","pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":"-1","robots_max_videopreview":"-1","robots_max_imagepreview":"large","priority":null,"frequency":"default","location":null,"local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":null,"created":"2021-04-22 16:19:20","updated":"2025-06-17 16:28:32","seo_analyzer_scan_date":null},"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/posts\/1513","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/comments?post=1513"}],"version-history":[{"count":0,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/posts\/1513\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/media\/1516"}],"wp:attachment":[{"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/media?parent=1513"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/categories?post=1513"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mikadmin.fr\/blog\/wp-json\/wp\/v2\/tags?post=1513"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}