ROOTPLOIT
Server: Apache
System: Linux node6122.myfcloud.com 6.14.3-x86_64-linode168 #1 SMP PREEMPT_DYNAMIC Mon Apr 21 19:47:55 EDT 2025 x86_64
User: bashacomputer (1004)
PHP: 7.4.33
Disabled: exec,passthru,shell_exec,system
$ pwd: /usr/share/elasticsearch/modules/x-pack-security/
Upload Files
File: //usr/share/elasticsearch/modules/x-pack-security/plugin-security.policy
grant {
  permission java.lang.RuntimePermission "setFactory";

  // needed for SAML
  permission java.util.PropertyPermission "org.apache.xml.security.ignoreLineBreaks", "read,write";

  // needed during initialization of OpenSAML library where xml security algorithms are registered
  // see https://github.com/apache/santuario-java/blob/e79f1fe4192de73a975bc7246aee58ed0703343d/src/main/java/org/apache/xml/security/utils/JavaUtils.java#L205-L220
  // and https://git.shibboleth.net/view/?p=java-opensaml.git;a=blob;f=opensaml-xmlsec-impl/src/main/java/org/opensaml/xmlsec/signature/impl/SignatureMarshaller.java;hb=db0eaa64210f0e32d359cd6c57bedd57902bf811#l52
  // which uses it in the opensaml-xmlsec-impl
  permission java.security.SecurityPermission "org.apache.xml.security.register";

  // needed for multiple server implementations used in tests
  permission java.net.SocketPermission "*", "accept,connect";

  // needed for Kerberos login
  permission javax.security.auth.AuthPermission "modifyPrincipals";
  permission javax.security.auth.AuthPermission "modifyPrivateCredentials";
  permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KerberosKey * \"*\"", "read";
  permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KeyTab * \"*\"", "read";
  permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KerberosTicket * \"*\"", "read";
  permission javax.security.auth.AuthPermission "doAs";
  permission javax.security.auth.kerberos.ServicePermission "*","initiate,accept";

  permission java.util.PropertyPermission "javax.security.auth.useSubjectCredsOnly","write";
  permission java.util.PropertyPermission "java.security.krb5.conf","write";
  permission java.util.PropertyPermission "sun.security.krb5.debug","write";
  permission java.util.PropertyPermission "java.security.debug","write";
  permission java.util.PropertyPermission "sun.security.spnego.debug","write";

  // needed for kerberos file permission tests to access user information
  permission java.lang.RuntimePermission "accessUserInformation";
  permission java.lang.RuntimePermission "getFileStoreAttributes";
};
@ Telegram