SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths
SUDO_KILLER 是一个用于检测 sudo 配置中潜在安全漏洞的 Bash 脚本工具。它可识别 sudo 规则错误配置、危险二进制文件、CVE 漏洞、环境变量风险等,并生成报告以帮助安全人员发现潜在提权路径。支持导出配置和离线分析。 2025-5-12 19:15:4 Author: www.darknet.org.uk(查看原文) 阅读量:15 收藏

sudo is a powerful utility in Unix-like systems that allows permitted users to execute commands with elevated privileges. However, misconfigurations and certain vulnerabilities can be exploited to escalate privileges, potentially compromising system security.

SUDO_KILLER - Auditing Sudo Configurations for Privilege Escalation Paths

SUDO_KILLER is a shell script designed to assist security professionals in identifying such misconfigurations and vulnerabilities within sudo configurations.

It focuses on vulnerabilities tied to SUDO usage, including misconfigurations in sudo rules, version-based weaknesses (CVEs and other vulnerabilities), and risky binary deployments (GTFOBINS). These weak points can be exploited to gain ROOT-level privileges or impersonate other users.

What is SUDO_KILLER?

Developed by TH3xACE, SUDO_KILLER is a Bash script that performs a series of checks to identify:

  • Misconfigurations in sudo rules
  • Presence of dangerous binaries (e.g., those listed in GTFOBins)
  • Vulnerable versions of sudo susceptible to known CVEs
  • Dangerous environment variables
  • Writable directories containing scripts
  • Binaries that might be replaced
  • Missing scripts referenced in sudo configurations

The tool generates a report detailing potential privilege escalation vectors but does not perform any exploitation itself.

Key Features

  • Comprehensive Checks: Identifies various misconfigurations and vulnerabilities related to sudo.
  • CVE Detection: Checks for known vulnerabilities in the installed version of sudo.
  • Export Functionality: Can export sudo rules and configurations for offline analysis.
  • Offline Mode: Supports analyzing extracted data from a target system without direct execution on it.
  • Report Generation: Produces detailed reports outlining findings and potential exploitation paths.

Usage

To run SUDO_KILLER:

./SUDO_KILLERv3.sh -c -e -r report.txt -p /tmp

Options:

  • -c: Include CVE checks
  • -e: Export sudo rules and configurations
  • -r: Specify report filename
  • -p: Specify path to save exports and report
  • -s: Supply user password for sudo checks (if required)
  • -h: Display help message

Conclusion

SUDO_KILLER is a valuable tool for security professionals aiming to audit sudo configurations for potential privilege escalation vectors. By identifying misconfigurations and known vulnerabilities, it aids in strengthening system security.

You can download SUDO_KILLER or read more here.

Reader Interactions


文章来源: https://www.darknet.org.uk/2025/05/sudo_killer-auditing-sudo-configurations-for-privilege-escalation-paths/
如有侵权请联系:admin#unsafe.sh