From ae47f85d67a6ce54b6d756ceec77f57a77904496 Mon Sep 17 00:00:00 2001
From: Caleb Stewart
Date: Sun, 19 Jul 2020 14:51:13 -0400
Subject: [PATCH] Added chdir in privesc to prevent weird permission denied erros during privilege escalation
---
 .gitignore | 2 ++
 pwncat/privesc/__init__.py | 6 ++++++
 2 files changed, 8 insertions(+)
diff --git a/.gitignore b/.gitignore
index b00ed0a..e1740c9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,3 +12,5 @@ testing/
 data/pwncat.sqlite-journal
 pwncat.sqlite-journal
 linpeas.txt
+NOTES.md
+
diff --git a/pwncat/privesc/__init__.py b/pwncat/privesc/__init__.py
index a5d4e36..c1dfa06 100644
--- a/pwncat/privesc/__init__.py
+++ b/pwncat/privesc/__init__.py
@@ -380,6 +380,12 @@ class Finder:
 readers: List[Technique] = []
 writers: List[Technique] = []
 
+ # A previous escalation attempt may have left us in a working directory
+ # that causes problems during escalation (e.g. a home directory). Ensure
+ # we are in a safe directory
+ pwncat.victim.flush_output()
+ pwncat.victim.chdir("/tmp")
+
 for technique in techniques:
 if Capability.SHELL in technique.capabilities:
 try:
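Review bot: The `pwncat.victim.chdir("/tmp")` call added before the technique loop changes the session's working directory, and nothing visible in the hunk puts it back, so a caller that started in another directory is left in `/tmp` afterwards without being told. If `chdir` reports the previous directory (not visible here), keep it and restore it once the search finishes; at minimum say so in the comment, e.g. `# NOTE: leaves the session in /tmp; callers must not rely on the previous cwd`. The path is also hard-coded and the call is unguarded, so on a host where `/tmp` is missing or not traversable this would presumably fail before any technique is examined. The added comment explains the `chdir` but not why `flush_output()` has to run first, which deserves a line of its own. The enclosing method starts and ends outside the hunk.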