Sudo Exploits

Privilege Escalation

Tools

An automated tools to detect sudo vulnerabilities and misconfigurations is SUDO_KILLER

We can directly run sudo_killer on the target.

./sudo_killer.sh -c -e -r report.txt -p /tmp

Alternatively, run it in offline mode. send extract.sh on victim machine. Copy the output from /tmp/sk_offline.txt to your host and run sudo_killer in offline mode

./sudo_killer.sh -c -i /path/sk_offline.txt

FallOfSudo is a tool that aid in the exploitation of Linux sudo rules. We can run it directly on the target machine

#On the target - Informational mode
$ python fallofsudo.py -i

#On the target - AutoPwn mode
$ python fallofsudo.py -a

Last updated 7 months ago