Polar bastion host common user command execution (root permission)
Polar internal control bastion hosts use advanced technologies to protect internal network devices and servers, and monitor and audit common access methods for such assets, it can control, track, and determine user behavior to meet the security requirements of the enterprise's internal network.
However, this device has a severe vulnerability. You can directly obtain the root permission.
Operator: General O & M personnel permissions.
Log on to the bastion host using ssh as an ordinary O & M engineer and run the command whoami.
The command is executable.
Try to add a user.
User Added successfully.
Add User Password.
View the ssh port.
The port used to log on to the bastion host is 220.
Try to create a new fastfood user login... view the web root directory file ..
At this point, you have successfully logged on to the bastion host. You can escalate permissions later ..
Solution:
You know better than me...