Introduction of SUDO KILLER


If you are a hacker, developer or system administrator, you have probably used Sudo.

Sudo stands for “Superuser Do” and is a program in Unix-like systems. It allows users to execute programs with the security privileges of the superuser if the user provides the root password.

Because of the powerful capabilities of Sudo, any weaknesses or misconfigurations in the program could be catastrophic. Malicious users could escalate their privileges to root and gain complete control of the server. Today, let’s talk about a tool designed to exploit the weaknesses in the Sudo program.

Introducing the Sudo Killer

Sudo Killer is a tool that identifies and exploits misconfigurations and vulnerabilities within the Sudo program to help you escalate privilege to Root.

Sudo Killer will first perform checks on the system for misconfigurations, dangerous binaries, vulnerable versions of Sudo that relate to CVEs, dangerous environment variables, writable directories with scripts, binaries that might be replaced, and more. It will then provide you with a list of commands or exploits that you could use to spawn a root shell.

The Sudo Killer shell script can be downloaded here:

TH3xACE/SUDO_KILLER

Using Sudo Killer

Once the Sudo Killer script has been uploaded to or downloaded onto the target machine, no additional setup is required, and you can start detecting vulnerabilities right away.

Scanning a server

You can scan the machine by running the command:

./sudo_killer.sh -c -e -r report.txt -p /tmp

Looks confusing? Don’t worry, here’s the breakdown of what the options mean:

-c : include CVE checks for the installed Sudo version

-e : export /etc/sudoers

-r : name of the generated report

-p : path where the exports and the generated report are saved

You should also update Sudo Killer’s CVE database from time to time by running:

./cve_update.sh

Note that running the Sudo Killer script itself will not get you a root shell. It simply scans the system for possible weaknesses and points you to the next steps.

Privilege escalation by CVE exploitation

So how do we go about gaining a root shell with Sudo Killer?

One way is to scan for privilege escalation CVEs on the machine and exploit that CVE. To scan for CVEs using Sudo Killer, you can run:

./sudo_killer.sh -c

This will output a report that includes a few valuable pieces of information, including the Sudo version currently in use on the machine, and CVEs related to that Sudo version.

In the report, Sudo Killer will link to information about the CVE. It will also link to the corresponding exploit script stored in the ./exploit directory. Running that script will exploit the vulnerability and provide you with a root shell.

Other methods of privilege escalation

Sudo Killer checks for more than CVEs. It also scans for vulnerable environment variables, dangerous binaries, writable scripts and more, and after scanning it generates a report entry for each of the checks it performs.

Even when Sudo Killer does not ship a script that exploits a given weakness automatically, the report will often include instructions, or point to a separate text file, that explain how that weakness can be exploited.
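As an added illustration of the kind of check described above (example code written for this article, not part of SUDO_KILLER), here is a small POSIX shell audit that an administrator can run against a copy of sudoers, such as the one the -e option exports. It flags NOPASSWD rules and rules whose command path is a file that other users can modify or create; the sudoers file and scripts it scans are constructed inline.

```shell
#!/bin/sh
# Added sudoers audit example, not part of SUDO_KILLER. It flags two of the
# weakness classes the article says Sudo Killer checks: rules that grant a
# command without a password (NOPASSWD) and rules whose command path is a
# file other users can modify or create. The sample input is constructed.

# Rules only: drop comments, blank lines, Defaults and @include directives.
sudoers_rules() {
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' -e '/^Defaults/d' -e '/^@/d' "$1"
}
# NOPASSWD rules: a compromised account in that list escalates without
# re-authenticating, so each one deserves a written justification.
nopasswd_rules() {
    sudoers_rules "$1" | grep 'NOPASSWD:'
}

# Every absolute path named in a rule, checked for group/world write bits
# (anyone can edit the script sudo will run as root) or for not existing
# (it can be created if the parent directory allows).
writable_commands() {
    sudoers_rules "$1" | grep -o '/[^[:space:],]*' | sort -u |
    while IFS= read -r cmd; do
        if [ ! -e "$cmd" ]; then
            printf 'MISSING   %s\n' "$cmd"
        elif [ -n "$(find "$cmd" -prune \( -perm -002 -o -perm -020 \) -print)" ]; then
            printf 'WRITABLE  %s\n' "$cmd"
        fi
    done
}
# Constructed demo: a safe script, a world-writable script, a missing script,
# and a sudoers file that references them. Prints the sudoers path.
build_demo() {
    dir=$1
    printf '#!/bin/sh\nexit 0\n' > "$dir/safe.sh";   chmod 755 "$dir/safe.sh"
    printf '#!/bin/sh\nexit 0\n' > "$dir/backup.sh"; chmod 777 "$dir/backup.sh"
    cat > "$dir/sudoers" <<EOF
# constructed sample, not a real host's /etc/sudoers
Defaults env_reset
User_Alias OPS = alice, bob
alice ALL=(ALL) NOPASSWD: $dir/safe.sh
bob   ALL=(ALL) NOPASSWD: $dir/backup.sh
carol ALL=(root) $dir/safe.sh, $dir/missing.sh
EOF
    echo "$dir/sudoers"
}

demo_dir=$(mktemp -d)
sudoers_file=$(build_demo "$demo_dir")
echo "== NOPASSWD rules =="; nopasswd_rules "$sudoers_file"
echo "== replaceable commands =="; writable_commands "$sudoers_file"
```

The audit does not follow @include directives, so run it once per file under /etc/sudoers.d as well.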

For some Sudo Killer demos and examples, watch the video tutorials here:

Conclusion

Sudo Killer is a valuable tool for pentesters and system admins alike. It helps you identify misconfigurations and vulnerabilities within the Sudo program, and helps you exploit those vulnerabilities. Testing your own systems by exploring these possibilities can make them stronger against possible attacks.

Vickie Li