![]() sudo_killer.sh -c -i /path/sk_offline.txt Optional arguments Note: Three checks are missing in the offline mode, still in dev… coming soon….Copy the output from /tmp/sk_offline.txt on the system to be audited/victim machine to your host. Run extract.sh on system to be audited/victim machine. sudo_killer.sh -c -e -r report.txt -p /tmp Example Offline mode Testing environment : A docker to play with the tool and different scenarios, you can also train on PE.New functionality: offline mode – ability to extract the required info from audited system and run SK on host. ![]() Annonying password input several time removed.Continous improvement of the way output presented.Bugs corrected (checks, export, report,…).Writable directories where scripts reside.Features Some of the checks/functionalities that are performed by the tool. It is worth noting that the tool does not perform any exploitation on your behalf, the exploitation will need to be performed manually and this is intended. SUDO_KILLER will then provide a list of commands or local exploits which could be exploited to elevate privilege. The tool helps to identify misconfiguration within sudo rules, vulnerability within the version of sudo being used (CVEs and vulns) and the use of dangerous binary, all of these could be abused to elevate privilege to ROOT. SUDO_KILLER is a tool that can be used for privilege escalation on linux environment by abusing SUDO in several ways. ** Stay tuned : Follow me on twitter ** Overview Also ideas, bug reports, contributions are more than welcome ! Other tool will be added to the KILLER project in the coming months so stay tuned up. SUDO_KILLER is still under development and there might be some issues, please create an issue if you found any. **WARNING: SUDO_KILLER is part of the KILLER project. Linux Privilege Escalation through SUDO abuse INTRO #sudo exploitation #Abusing sudo #Exploiting Sudo #Linux Privilege Escalation #OSCP
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |