Search the Community
Showing results for tags 'sudo'.
-
SUDO_KILLER is a tool that can be used for privilege escalation on the Linux environment by abusing SUDO in several ways. The tool helps to identify misconfiguration within sudo rules, vulnerability within the version of sudo being used (CVEs and vulns), and the use of dangerous binary, all of these could be abused to elevate privilege to ROOT. SUDO_KILLER will then provide a list of commands or local exploits which could be exploited to elevate privilege. It is worth noting that the tool does not perform any exploitation on your behalf, the exploitation will need to be performed manually and this is intended. Features Some of the checks/functionalities that are performed by the tool. Misconfigurations Dangerous Binaries Vulnerable versions of sudo – CVEs Dangerous Environment Variables Credential Harvesting Writable directories where scripts reside Binaries that might be replaced Identify missing scripts What version 2 of SK includes: New checks and/or scenarios CVE-2019-14287 – runas No CVE yet – sudoedit – absolute path CVE-2019-18634 – pwfeedback User Impersonation list of users in sudo group Performance improved Bugs corrected (checks, export, report,…) Continous improvement of the way output presented New videos will be added soon Annonying password input several time removed New functionality: offline mode – ability to extract the required info from audited system and run SK on host. Testing environment : A docker to play with the tool and different scenarios, you can also train on PE. [hide][Hidden Content]]
-
- 1
-
- sudo_killer
- v2.0.7
-
(and 8 more)
Tagged with:
-
sudo version 1.8.28 suffers from a security bypass vulnerability. View the full article
-
This Metasploit module attempts to gain root privileges by blindly injecting into the session user's running shell processes and executing commands by calling system(), in the hope that the process has valid cached sudo tokens with root privileges. The system must have gdb installed and permit ptrace. This module has been tested successfully on Debian 9.8 (x64) and CentOS 7.4.1708 (x64). View the full article