Sudo_Killer - A Tool To Identify And Exploit Sudo Rules Misconfigurations And Vulnerabilities Within Sudo
If you like the project, and for my personal motivation to develop other tools, please give it a +1 star.
SUDO_KILLER
SUDO_KILLER is a tool that helps to abuse sudo in different ways, with the main objective of performing privilege escalation in a Linux environment.
The tool helps to identify misconfigurations within sudo rules, vulnerabilities within the version of sudo being used (CVEs and vulns) and the use of dangerous binaries, all of which could be abused to elevate privilege to ROOT.
SUDO_KILLER will then provide a list of commands or local exploits which could be exploited to elevate privilege.
SUDO_KILLER does not perform any exploitation on your behalf; the exploitation will need to be performed manually, and this is intended.
Default usage
Example: ./sudo_killer.sh -c -r report.txt -e /tmp/
Arguments
-k : Keywords
-e : export location (export /etc/sudoers)
-c : include CVE checks with respect to sudo version
-s : supply user password for sudo checks (not recommended ++except for CTF)
-r : report name (save the output)
-h : help
CVEs check
To update the CVE database : run the following script ./cve_update.sh
IMPORTANT !!!
If you need to input a password to run sudo -l, then the script will not work if you don't provide a password with the argument -s.
NOTE : sudo_killer does not exploit automatically by itself; it was designed like this on purpose. It checks for misconfigurations and vulnerabilities and then proposes the following (if you are lucky the route to root is near!) :
- a list of commands to exploit
- a list of exploits
- some description on how and why the attack could be performed
Why is it possible to run "sudo -l" without a password?
By default, if the NOPASSWD tag is applied to any of the entries for a user on a host, he or she will be able to run "sudo -l" without a password. This behavior may be overridden via the verifypw and listpw options.
However, these rules only affect the current user, so if user impersonation is possible (using su), sudo -l should be launched from this user as well.
Sometimes the file /etc/sudoers can be read even if sudo -l is not accessible without a password.
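A defender's check for the behaviour described above, as an added example that is not part of SUDO_KILLER: it reads sudoers text and reports which principals can run "sudo -l" without a password under the effective listpw value. The sample rules are constructed, the function names are hypothetical, and the parser is a simplification that assumes one rule per line.

```python
import re

# Constructed sample sudoers text (not from a real host).
SAMPLE = """\
Defaults env_reset
alice   ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart nginx
alice   ALL=(root) /usr/bin/less /var/log/syslog
bob     ALL=(ALL) ALL
%deploy ALL=(app) NOPASSWD: ALL
"""

# Simplified parser (assumption): one rule per line, single host field; aliases,
# includes, line continuations and per-user Defaults are not evaluated.
LISTPW = re.compile(r"^Defaults\s.*\blistpw\s*=\s*(\w+)")
RULE = re.compile(r"^(\S+)\s+[^=\s]+\s*=\s*(.*)$")   # principal host = cmnd specs
NON_RULES = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")

def command_flags(specs):
    """One bool per command: True if NOPASSWD applies (tags carry forward)."""
    flags, nopasswd = [], False
    for item in re.split(r"(?<!\\),", specs):     # split on unescaped commas
        if "NOPASSWD:" in item:
            nopasswd = True
        elif "PASSWD:" in item:                   # explicit PASSWD resets the tag
            nopasswd = False
        flags.append(nopasswd)
    return flags

def passwordless_list(sudoers_text):
    """Return (listpw value, principals who can run `sudo -l` with no password)."""
    listpw, flags = "any", {}                     # "any" is the sudoers default
    for raw in sudoers_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # comments; includes not followed
            continue
        m = LISTPW.match(line)
        if m:
            listpw = m.group(1).lower()
        m = RULE.match(line)
        if m and not line.startswith(NON_RULES):
            flags.setdefault(m.group(1), []).extend(command_flags(m.group(2)))
    check = {"any": any, "all": all, "never": lambda f: True,
             "always": lambda f: False}.get(listpw, any)
    return listpw, sorted(p for p, f in flags.items() if check(f))

if __name__ == "__main__":
    print(passwordless_list(SAMPLE))
    print(passwordless_list("Defaults listpw=always\n" + SAMPLE))
```

With "Defaults listpw=always" set, "sudo -l" prompts for a password regardless of NOPASSWD entries, so the second call reports no principals.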
Testing the tool :)
Will soon provide a docker to test the different scenarios :) ... Stay connected!