27 lines
804 B
YAML
27 lines
804 B
YAML
id: sudo-nopasswd
|
|
|
|
info:
|
|
name: Sudo NOPASSWD - Privilege Escalation
|
|
author: daffainfo
|
|
severity: high
|
|
description: Sudo configuration might allow a user to execute some command with another user's privileges without knowing the password.
|
|
reference:
|
|
- https://book.hacktricks.xyz/linux-hardening/privilege-escalation#nopasswd
|
|
metadata:
|
|
verified: true
|
|
tags: code,linux,sudo,privesc,local
|
|
|
|
self-contained: true
|
|
code:
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
sudo -l
|
|
|
|
matchers:
|
|
- type: word
|
|
part: code_1_response
|
|
words:
|
|
- "(root) NOPASSWD:"
|
|
# digest: 4a0a00473045022100de6ba465a1014a68bf361233db593957b6412aa0496a46cc569184eedd84611702203545ae3f61902e6068aff724e05ec287f68ad332ccf73aa02ec78d1800429f24:922c64590222798bb761d5b6d8e72950 |