Sudo Exploits
Wildcard redirection
If a rule inside the sudoers file includes an entry with a wildcard it is possible to redirect the execution to an arbitrary file.
The wildcard can be used to access any file as follows
Security bypass
Run the following command to execute a binary as root on Sudo version < 1.8.28
LD_PRELOAD/LD_LIBRARY_PATH
To exploit this vulnerability one the following strings must be present as a result of sudo -l
To exploit the vulnerability create a simple payload as follows
Compile the payload using GCC
Invoke sudo with the following parameters to execute the payload as root. The executed sudo command is not important, what really matters is to specify the path to the generated payload
Spawn elevated shell
The following commands allow to spawn an elevated shell from standard commands running with sudo
Automated discovery tools
Fall Of Sudo
SudoKiller
Online mode
Offline mode
Run the following command to generate the offline data set on the target machine. The generate file will be stored under /tmp/sk_offline.txt
Execute the following command to start the offline analysis
Last updated