sudoedit
Sudo 1.6.x<=1.6.9p21 and 1.7.x<=1.7.2p4 Local Privilege Escalation
If you can execute sudoedit as the root user, you may be able to escalate privileges.
Check the sudo version
Make sure to check the version. Depending on the version, the bash script exploit won't work.
For example, let's say that sudo -l shows the following output.
And we have write access to the "/var/www/html/current_user/examples/tmp/" directory as the currently logged-on user. This means we just need to create another directory under tmp.
Here's an example of what we can do in this situation.
Now with this newly created path, we should be able to view and edit files with sudoedit, since we will have sudo privileges. One thing we could do is edit the /etc/passwd file and add a user with root privileges.
To do this, we can first create a symbolic link to connect page.html and /etc/passwd.
This creates a file called page.html in the current directory and soft-links it to /etc/passwd, which means page.html can access the data in /etc/passwd!
Now let's edit page.html so that we can manipulate /etc/passwd.
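A defensive check for the scenario above, as an added example that is not part of the original page: it tests a `sudo -V` version line against the affected ranges listed in the title, and lists symlinks under a directory covered by a sudoedit rule that resolve outside that directory. The function names and the sample version strings are constructed for illustration.

```python
import os
import re

# Affected ranges as stated on this page: 1.6.x <= 1.6.9p21 and 1.7.x <= 1.7.2p4.
LAST_AFFECTED = {(1, 6): (9, 21), (1, 7): (2, 4)}


def is_affected(version_output):
    """Return True if a `sudo -V` version line falls in the ranges above."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?", version_output)
    if not m:
        raise ValueError("no sudo version found in: %r" % version_output)
    major, minor, micro = (int(m.group(i)) for i in (1, 2, 3))
    patch = int(m.group(4) or 0)  # a release without a pN suffix counts as p0
    limit = LAST_AFFECTED.get((major, minor))
    return limit is not None and (micro, patch) <= limit


def escaping_symlinks(root):
    """List (link, resolved target) for symlinks under root that resolve outside it."""
    root_real = os.path.realpath(root)
    found = []
    # followlinks=False: report links to directories without descending into them.
    for dirpath, dirnames, filenames in os.walk(root_real, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)
            if os.path.commonpath([root_real, target]) != root_real:
                found.append((path, target))
    return sorted(found)


if __name__ == "__main__":
    # Constructed sample version lines, not captured from a real host.
    for line in ("Sudo version 1.7.2p4", "Sudo version 1.7.2p5", "Sudo version 1.8.31"):
        verdict = "affected" if is_affected(line) else "not in the listed ranges"
        print(line, "->", verdict)
    # Directory from the scenario on this page; point it at the tree your rule covers.
    for link, target in escaping_symlinks("/var/www/html/current_user/examples/tmp"):
        print("symlink leaves tree:", link, "->", target)
```

A link such as page.html pointing at /etc/passwd shows up in the second report, which makes it a useful periodic check on any user-writable tree that a sudoedit rule covers.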