Abusing Sudo

The sudo utility can be used to execute a command with elevated privileges. To be able to use sudo, our low-privileged user account must be a member of the sudo group.

Custom configurations of sudo-related permissions can be applied in the /etc/sudoers file. We can use the -l or --list option to list the allowed commands for the current user.

joe@debian-privesc:~$ sudo -l
[sudo] password for joe:
Matching Defaults entries for joe on debian-privesc:
    env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin

User joe may run the following commands on debian-privesc:
    (ALL) (ALL) /usr/bin/crontab -l, /usr/sbin/tcpdump, /usr/bin/apt-get

If the /etc/sudoers configurations are too permissive, a user could abuse the short-lived administrative right to obtain permanent root access.
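To make the "too permissive" judgement concrete, the following audit script (added here, not part of the original page) parses `sudo -l` output of the shape shown above and flags the rule properties an auditor looks for: a runas spec of ALL, a NOPASSWD tag, a command of ALL, or a command listed without an argument list (which in sudoers means any arguments are accepted). The sample input mirrors the listing on this page plus one constructed NOPASSWD rule.

```python
import re

# Constructed sample that mirrors the `sudo -l` listing on this page, plus one
# extra NOPASSWD rule (also constructed) so tag handling is exercised too.
SAMPLE_SUDO_L = """\
Matching Defaults entries for joe on debian-privesc:
User joe may run the following commands on debian-privesc:
    (ALL) (ALL) /usr/bin/crontab -l, /usr/sbin/tcpdump, /usr/bin/apt-get
    (root) NOPASSWD: /usr/bin/systemctl restart nginx
"""

# A rule line: one or more "(runas)" groups, optional TAG: prefixes, then a
# comma-separated command list. Accepts both "(ALL) (ALL)" and "(root : root)".
RULE_RE = re.compile(
    r"^\s*(?P<runas>(?:\([^)]*\)\s*)+)(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmds>\S.*)$"
)


def parse_rules(text):
    """Yield (runas, tags, commands) from the command section of `sudo -l` output."""
    in_cmds = False
    for line in text.splitlines():
        if "may run the following commands" in line:
            in_cmds = True          # everything after this header is a rule
            continue
        m = RULE_RE.match(line) if in_cmds and line.strip() else None
        if m:
            runas = " ".join(m.group("runas").split())
            tags = [t.rstrip(":") for t in m.group("tags").split()]
            cmds = [c.strip() for c in m.group("cmds").split(",") if c.strip()]
            yield runas, tags, cmds


def audit_sudo_l(text):
    """Map each granted command to the properties that make the rule risky."""
    findings = {}
    for runas, tags, cmds in parse_rules(text):
        for cmd in cmds:
            flags = []
            if re.search(r"\bALL\b", runas):
                flags.append("runs_as_any_user")   # target user/group unrestricted
            if "NOPASSWD" in tags:
                flags.append("no_password")
            if cmd == "ALL":
                flags.append("any_command")
            elif len(cmd.split()) == 1:
                # sudoers semantics: no argument list means any arguments are accepted
                flags.append("unrestricted_args")
            findings[cmd] = flags
    return findings
```

Run it against saved `sudo -l` output for each account during a review; a command tagged `unrestricted_args` together with `runs_as_any_user` is the first place to tighten the rule, either by pinning the argument list or narrowing the runas user.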
