Sudo Misconfigurations

Sudo misconfigurations are a common privilege escalation vector, usually introduced when administrative convenience wins over security. Check the current user's sudo privileges with sudo -l, which lists the commands the user may run and flags those that need no password (NOPASSWD). Even seemingly harmless commands can enable escalation through creative abuse. GTFOBins again provides exploitation techniques for common programs, but understanding the underlying principles lets you assess any misconfiguration, not just the catalogued ones.

Vulnerabilities in the sudo binary itself occasionally provide a direct escalation path. Older sudo versions contain flaws such as CVE-2019-14287 (user ID -1 bypass) or CVE-2021-3156 (heap buffer overflow). Patching normally addresses known vulnerabilities, but legacy systems or delayed updates leave windows of exposure. Check the installed sudo version and research applicable exploits, but test carefully, because a failed exploit might crash sudo.
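The version check described above, written as an added example for this page (not code from the original text): it parses the first line of sudo --version and reports which of the two CVEs named above the installed release predates. The fixed-in versions come from the upstream advisories: CVE-2019-14287 was fixed in sudo 1.8.28, and CVE-2021-3156 affected 1.8.2 through 1.8.31p2 and 1.9.0 through 1.9.5p1 and was fixed in 1.9.5p2. Function names and the sample version strings are this example's own.

```python
"""Report which of the sudo CVEs discussed above an installed version predates."""
import re
import subprocess

# Affected ranges taken from the upstream advisories: (first affected, first fixed).
# CVE-2019-14287 affects every release before 1.8.28, so its lower bound is 0.0.0.
AFFECTED = {
    "CVE-2019-14287": ("0.0.0", "1.8.28"),
    "CVE-2021-3156": ("1.8.2", "1.9.5p2"),
}


def parse_version(text):
    """Turn a sudo version such as '1.9.5p2' (or the whole first line of
    `sudo --version`) into a tuple that compares the way releases are ordered."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?", text)
    if not m:
        raise ValueError(f"no sudo version found in {text!r}")
    major, minor, patch, p = m.groups()
    return (int(major), int(minor), int(patch), int(p or 0))


def unpatched_cves(version_text):
    """Return the CVEs whose affected range contains this version."""
    v = parse_version(version_text)
    return [
        cve for cve, (first, fixed) in AFFECTED.items()
        if parse_version(first) <= v < parse_version(fixed)
    ]


def installed_sudo_version():
    """First line of `sudo --version` on this host, or '' if sudo is absent."""
    try:
        out = subprocess.run(["sudo", "--version"], capture_output=True,
                             text=True, check=False)
    except FileNotFoundError:
        return ""
    return out.stdout.splitlines()[0] if out.stdout else ""


if __name__ == "__main__":
    line = installed_sudo_version()
    print(line or "sudo not found")
    if line:
        print("unpatched:", unpatched_cves(line) or "none of the listed CVEs")
```

One caveat a version string cannot settle: distributions often backport fixes without bumping the upstream version, so a flagged version is a reason to check the package changelog or test the fix, not proof of exposure.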

LD_PRELOAD exploitation through sudo requires a specific misconfiguration but provides reliable escalation. If the sudoers policy preserves the LD_PRELOAD environment variable across the privilege boundary (for example via env_keep) and allows running a command, a malicious library is loaded and executes with elevated privileges. Attackers create shared libraries whose constructor functions spawn a shell, gaining root through a seemingly benign permitted command. This technique requires understanding dynamic linking and how sudo handles environment variables.

Sudo command restrictions often contain bypasses through parameter manipulation or chained commands. A restriction on specific parameters may leave alternative parameters that achieve the same result, and a rule without an argument list accepts any arguments at all. Commands that let the user choose an output file enable overwriting critical system files. Understanding a command's intended functionality reveals the unintended consequences that can be exploited for privilege escalation.
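The checks a defender would run against a sudoers policy for the three rule classes covered above (NOPASSWD and unrestricted rules, environment variables such as LD_PRELOAD kept across the boundary, and command restrictions loosened by missing argument lists or wildcards), written as an added example for this page rather than code from the original text. It parses plain sudoers syntax; the sample policy, the finding kinds and the list of programs that can run subcommands are this example's own constructions. The wildcard finding relies on documented sudoers behaviour: command-line arguments are matched as one concatenated string, so a wildcard can match across word boundaries.

```python
"""Audit sudoers text for the misconfiguration classes discussed above."""
import os
import re
import shlex

# Constructed sample policy for this example (not taken from any real host).
SAMPLE_SUDOERS = """\
Defaults    env_reset
Defaults    env_keep += "LD_PRELOAD"
root        ALL=(ALL:ALL) ALL
alice       ALL=(ALL) NOPASSWD: /usr/bin/vim          # any arguments, no NOEXEC
bob         ALL=(root) /usr/bin/tar -czf /backup/*.tgz /home
carol       ALL=(root) NOPASSWD: /usr/sbin/service apache2 restart
dave        ALL=(ALL) SETENV: /usr/local/bin/deploy.sh ""
"""

# Variables that control what the dynamic loader or an interpreter loads.
LOADER_VARS = {"LD_PRELOAD", "LD_LIBRARY_PATH", "PYTHONPATH", "PERL5LIB"}
# Programs able to run subcommands; sudo's NOEXEC tag exists for these cases.
SUBCOMMAND_CAPABLE = {"vi", "vim", "nano", "less", "more", "man", "find"}

USER_SPEC = re.compile(r"^(\S+)\s+(\S+)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")
TAG = re.compile(r"^([A-Z_]+):\s*")


def audit_sudoers(text):
    """Return (line number, finding kind, detail) tuples for risky settings."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r"\s#.*$", "", raw).strip()   # drop trailing comments
        if not line or line.startswith("#"):
            continue
        if line.startswith("Defaults"):
            findings.extend(audit_defaults(lineno, line))
            continue
        m = USER_SPEC.match(line)
        if not m:
            continue
        user, _host, _runas, cmdspec = m.groups()
        if user == "root":
            continue  # a rule for root adds no exposure
        for entry in cmdspec.split(","):
            findings.extend(audit_command(lineno, user, entry.strip()))
    return findings


def audit_defaults(lineno, line):
    """Flag Defaults that weaken sudo's environment sanitising or authentication."""
    out = []
    m = re.search(r'env_keep\s*\+?=\s*"?([^"]+)"?', line)
    if m:
        kept = set(m.group(1).split()) & LOADER_VARS
        if kept:
            out.append((lineno, "env_keep",
                        "preserves loader-controlling variable(s): " + ", ".join(sorted(kept))))
    if re.search(r"!env_reset\b", line):
        out.append((lineno, "no_env_reset", "caller's environment reaches privileged commands"))
    if re.search(r"!authenticate\b", line):
        out.append((lineno, "no_auth", "authentication disabled by Defaults"))
    return out


def audit_command(lineno, user, entry):
    """Flag one command entry of a user specification (tags already attached)."""
    out = []
    tags = set()
    while (m := TAG.match(entry)):            # peel NOPASSWD:, SETENV:, NOEXEC:, ...
        tags.add(m.group(1))
        entry = entry[m.end():]
    if "NOPASSWD" in tags:
        out.append((lineno, "NOPASSWD", f"{user}: no password required for {entry}"))
    if "SETENV" in tags:
        out.append((lineno, "SETENV", f"{user}: may set environment variables for {entry}"))
    if entry == "ALL":
        out.append((lineno, "ALL", f"{user}: unrestricted command set"))
        return out
    args = shlex.split(entry)
    if any("*" in a or "?" in a for a in args[1:]):
        out.append((lineno, "wildcard",
                    f"{user}: argument wildcard matches across word boundaries in {entry}"))
    if len(args) == 1:   # no argument list means any arguments are accepted
        out.append((lineno, "any_args", f"{user}: any arguments accepted for {args[0]}"))
    if os.path.basename(args[0]) in SUBCOMMAND_CAPABLE and "NOEXEC" not in tags:
        out.append((lineno, "shell_escape", f"{user}: {args[0]} can run subcommands and lacks NOEXEC"))
    return out


if __name__ == "__main__":
    for lineno, kind, detail in audit_sudoers(SAMPLE_SUDOERS):
        print(f"line {lineno}: {kind}: {detail}")
```

Run it over /etc/sudoers and each file in /etc/sudoers.d (after visudo -c confirms they parse); the output of sudo -l uses a different layout and is not what this parser reads. The entry splitter is deliberately simple and does not handle commas inside quoted arguments, so treat a rule it skips as one to read by hand rather than as clean.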