27 lines
798 B
YAML
27 lines
798 B
YAML
id: sudo-nopasswd
|
|
|
|
info:
|
|
name: Sudo NOPASSWD - Privilege Escalation
|
|
author: daffainfo
|
|
severity: high
|
|
description: Sudo configuration might allow a user to execute some command with another user's privileges without knowing the password.
|
|
reference:
|
|
- https://book.hacktricks.xyz/linux-hardening/privilege-escalation#nopasswd
|
|
metadata:
|
|
verified: true
|
|
tags: code,linux,sudo,privesc
|
|
|
|
self-contained: true
|
|
code:
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
sudo -l
|
|
|
|
matchers:
|
|
- type: word
|
|
part: code_1_response
|
|
words:
|
|
- "(root) NOPASSWD:"
|
|
# digest: 4a0a00473045022100e62bc1a0b1a457ab643a4ee150cfc38becf287d629ee5200603723849691bc2602204b8aea2931fe9c3486dd06edf9325e8d2b406be20cc5fbcef197ff152119ddef:922c64590222798bb761d5b6d8e72950 |