How to Use SUDO_KILLER to Identify & Abuse Sudo Misconfigurations

Null Byte « WonderHowTo–

Sudo is a necessity on most Linux systems, most of which are probably being used as web servers. While the principle of least privilege is typically applied, sudo misconfigurations can easily lead to privilege escalation if not properly mediated. Which brings us to SUDO_KILLER, a tool used to identify sudo misconfigurations that can aid in privilege escalation.

The most glaring misconfiguration is running an outdated version of sudo, especially one that has known vulnerabilities. There is simply no excuse for it, and often the best course of action from a defensive point of view is just… more

View original article on Null Byte « WonderHowTo

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s