nuclei-templates/code/privilege-escalation/linux/rw-sudoers.yaml

45 lines
1.1 KiB
YAML

id: rw-sudoers
info:
name: /etc/sudoers writable or readable - Privilege Escalation
author: daffainfo
severity: high
reference:
- https://book.hacktricks.xyz/linux-hardening/privilege-escalation#etc-sudoers-etc-sudoers.d
metadata:
verified: true
max-request: 2
tags: code,linux,privesc,local
self-contained: true
code:
- engine:
- sh
- bash
source: |
whoami
- engine:
- sh
- bash
source: |
[ -r "/etc/sudoers" ] || [ -w "/etc/sudoers" ] && echo "Either readable or writable" || echo "Not readable and not writable"
matchers:
- type: word
part: code_1_response
words:
- "root"
negative: true
- type: word
part: code_2_response
words:
- "Either readable or writable"
- type: word
part: code_2_response
words:
- "Not readable and not writable"
negative: true
# digest: 4b0a00483046022100caa6257df894b71a7e77b620941ef821acfbf9ae0c939bab9bb60111a29be594022100fb1579caf8b9cdbcb2866aa421ee0cb34d429d2657544be9c2d8652bc196df39:922c64590222798bb761d5b6d8e72950