Skip to main content

Linux command: sudo

sudo, sudoedit — execute a command as another user

sudo -l
sudo -ll
sudo -V
sudo -U user command

# which sudo
/usr/bin/sudo
# ls -la /usr/bin/sudo
-rwsr-xr-x 1 root root 182600 Jan 30 08:12 /usr/bin/sudo
#

Example

user@debian:~$ sudo -l
Matching Defaults entries for user on this host:
    env_reset, env_keep+=LD_PRELOAD, env_keep+=LD_LIBRARY_PATH

User user may run the following commands on this host:
    (root) NOPASSWD: /usr/sbin/iftop
    (root) NOPASSWD: /usr/bin/find
    (root) NOPASSWD: /usr/bin/nano
    (root) NOPASSWD: /usr/bin/vim
    (root) NOPASSWD: /usr/bin/man
    (root) NOPASSWD: /usr/bin/awk
    (root) NOPASSWD: /usr/bin/less
    (root) NOPASSWD: /usr/bin/ftp
    (root) NOPASSWD: /usr/bin/nmap
    (root) NOPASSWD: /usr/sbin/apache2
    (root) NOPASSWD: /bin/more
user@debian:~$

Example: sudo with -h option (run command on host)

alice@looking-glass:/tmp$ id
uid=1005(alice) gid=1005(alice) groups=1005(alice)
alice@looking-glass:/tmp$ cat /etc/sudoers.d/alice
alice ssalg-gnikool = (root) NOPASSWD: /bin/bash
alice@looking-glass:/tmp$ sudo -h ssalg-gnikool /bin/bash
sudo: unable to resolve host ssalg-gnikool
root@looking-glass:/tmp# id
uid=0(root) gid=0(root) groups=0(root)
root@looking-glass:/tmp#

Example: jenny can Ru ALL Commands As ALL Users, As ALL Groups

jenny@wir3:/$ sudo -l
sudo -l
[sudo] password for jenny: 987654321

Matching Defaults entries for jenny on wir3:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin

User jenny may run the following commands on wir3:
    (ALL : ALL) ALL

jenny@wir3:/$ sudo -ll
sudo -ll
Matching Defaults entries for jenny on wir3:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin

User jenny may run the following commands on wir3:

Sudoers entry:
    RunAsUsers: ALL
    RunAsGroups: ALL
    Commands:
        ALL
jenny@wir3:/$

Practice

>>> CVE-2018-18634: pwdfeedback - https://github.com/saleemrashid/sudo-cve-2019-18634

>>> CVE-2019-18634: THM | hackerNote

>>> CVE-2021-3156: THM | Baron Samedit

>>> THM | Linux PrivEsc Arena

>>> THM | Linux PrivEsc

>>> THM | Looking Glass

>>> THM | h4cked

Popular posts from this blog

Check and install php7.0-mbstring extention on Ubuntu 16.04 and Microsoft Windows

While learning Facebook SDK for PHP I overlooked one of system requirements preventing my code from running on my host. That is The mbstring extension. Facebook SDK for PHP's system requirements Check if mbstring is enabled root@ubuntu001:~# php -a Interactive mode enabled php > echo extension_loaded('mbstring'); php >exit root@ubuntu001:~# apt-cache search php7 | grep mbstring php7.0-mbstring - MBSTRING module for PHP root@ubuntu001:~# Install php7.0-mbstring root@ubuntu001:~# apt-get install php7.0-mbstring Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required:   fontconfig-config fonts-dejavu-core libfontconfig1 libgd3 libjbig0   libjpeg-turbo8 libjpeg8 libmcrypt4 libtiff5 libvpx3 libxpm4 Use 'apt autoremove' to remove them. The following additional packages will be installed:   libapache2-mod-php7.0 php7.0-cli ph...

Powershell: Test-NetConnection

PS C:\Users\tuyen> get-help Test-NetConnection NAME     Test-NetConnection SYNTAX     Test-NetConnection [[-ComputerName] <string>] [-TraceRoute] [-Hops <int>] [-InformationLevel {Quiet |     Detailed}]  [<CommonParameters>]     Test-NetConnection [[-ComputerName] <string>] [-CommonTCPPort] {HTTP | RDP | SMB | WINRM}     [-InformationLevel {Quiet | Detailed}]  [<CommonParameters>]     Test-NetConnection [[-ComputerName] <string>] -Port <int> [-InformationLevel {Quiet | Detailed}]     [<CommonParameters>]     Test-NetConnection [[-ComputerName] <string>] -DiagnoseRouting [-ConstrainSourceAddress <string>]     [-ConstrainInterface <uint32>] [-InformationLevel {Quiet | Detailed}]  [<CommonParameters>] ALIASES     TNC REMARKS     Get-Help cannot find the Help files fo...