Sudo Vim Privilege Escalation
Last modified: 2023-02-05
Privilege Escalation
Sudo vim command might be vulnerable to privilege escalation (PrivEsc).
Investigation
sudo -l
(ALL) NOPASSWD: vim example.txt
If we can execute "vim" command as root, we can execute the shell command in the vim editor.
Exploitation
Simply run "vim" command as root.
sudo vim example.txt
In Vim editor, we can run shell commands as root.
:r!whoami