How to Use SUDO_KILLER to Identify & Abuse Sudo Misconfigurations


Sudo is a necessity on most Linux systems, many of which are deployed as web servers. While the principle of least privilege is typically applied, sudo misconfigurations can easily lead to privilege escalation if they are not properly managed. This brings us to SUDO_KILLER, a tool used to identify sudo misconfigurations that can aid in privilege escalation.


The most glaring misconfiguration is running an outdated version of sudo, especially one with known vulnerabilities. There is simply no excuse for it, and the best course of action from a defensive point of view is usually just keeping everything updated.


Other issues arise from being able to run sudo without a password — all it takes is one command to get root in a situation like that. Sometimes, even just knowing whether another user has used sudo can be advantageous to an attacker. Other sudo-related issues, like SUID bits set on binaries, can lead to some pretty nasty consequences if precautions aren't taken.
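As an added example (not part of the original article or of the SUDO_KILLER tool itself), here is a small Python audit that flags the passwordless and unrestricted sudoers entries described above. The sudoers content is a constructed sample, and the severity labels are assumptions chosen for illustration; include directives and /etc/sudoers.d fragments are not followed.

```python
import re
import sys

# Constructed sample sudoers content for demonstration only (not from a real host).
SAMPLE_SUDOERS = """\
# constructed sample, not a real host's file
Defaults    env_reset
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL
deploy  ALL=(ALL) NOPASSWD: ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync
alice   ALL=(ALL:ALL) ALL
"""

# user_spec grammar (simplified): who host=(runas) [TAG:] command[, command...]
USER_SPEC = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$"
)
# Directive lines that are not user specifications.
SKIP_PREFIXES = ("Defaults", "User_Alias", "Host_Alias", "Cmnd_Alias", "Runas_Alias")
# The command list contains the ALL keyword as a standalone command.
ANY_COMMAND = re.compile(r"(?:^|[:,])\s*ALL\s*(?:,|$)")


def audit_sudoers(text):
    """Return (line_no, principal, finding) tuples for risky user specs."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments (and #include lines)
        if not line or line.startswith(SKIP_PREFIXES):
            continue
        m = USER_SPEC.match(line)
        if not m:
            continue
        who, cmds = m.group("who"), m.group("cmds")
        nopasswd = "NOPASSWD:" in cmds
        any_cmd = bool(ANY_COMMAND.search(cmds))
        if nopasswd and any_cmd:
            findings.append((no, who, "CRITICAL: passwordless sudo for any command"))
        elif nopasswd:
            findings.append((no, who, "HIGH: passwordless sudo for listed commands; confirm none can spawn a shell"))
        elif any_cmd and who != "root":
            findings.append((no, who, "INFO: unrestricted sudo (password still required)"))
    return findings


if __name__ == "__main__":
    # Usage: python audit.py [/etc/sudoers]; without an argument the sample is audited.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SUDOERS
    for no, who, finding in audit_sudoers(text):
        print(f"line {no}: {who}: {finding}")
```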


To demonstrate SUDO_KILLER, we will be using Metasploitable 2 as the target, and Kali Linux as our local machine.


Step 1: Initial Setup


The first thing we need to do is download SUDO_KILLER from GitHub. We can do this by cloning into the repository:


~# git clone https://github.com/TH3xACE/SUDO_KILLER
Cloning into 'SUDO_KILLER'...
remote: Enumerating objects: 59, done.
remote: Counting ob ..
