SUDO_KILLER – Identify and Exploit sudo Vulnerabilities

SUDO_KILLER is a tool that can be used for privilege escalation on linux environment by abusing SUDO in several ways. The tool helps to identify misconfiguration within sudo rules, vulnerability within the version of sudo being used (CVEs and vulns) and the use of dangerous binary, all of these could be abused to elevate privilege to ROOT.

SUDO_KILLER will then provide a list of commands or local exploits which could be exploited to elevate privilege. It is worth noting that the tool does not perform any exploitation on your behalf, the exploitation will need to be performed manually and this is intended.

SUDO_KILLER - Identify and Exploit sudo Vulnerabilities
SUDO_KILLER – Identify and Exploit sudo Vulnerabilities

Some of the checks/functionalities that are performed by the tool.

  • Misconfigurations
  • Dangerous Binaries
  • Vulnerable versions of sudo – CVEs
  • Dangerous Environment Variables
  • Credential Harvesting
  • Writable directories where scripts reside
  • Binaries that might be replaced
  • Identify missing scripts

What version 2 of SK includes:

  • New checks and/or scenarios
    1. CVE-2019-14287 – runas
    2. No CVE yet – sudoedit – absolute path
    3. CVE-2019-18634 – pwfeedback
    4. User Impersonation
    5. list of users in sudo group
  • Performance improved
  • Bugs corrected (checks, export, report,…)
  • Continuous improvement of the way output presented
  • New videos will be added soon
  • Annonying password input several time removed
  • New functionality: offline mode – ability to extract the required info from audited system and run SK on host.
  • Testing environment : A docker to play with the tool and different scenarios, you can also train on PE.

You can read more and download this tool over here: https://github.com/TH3xACE/SUDO_KILLER

Share