- Joined
- May 15, 2017
- Messages
- 986
- Likes
- 759
- Points
- 1,045
SUDO_KILLER is a tool which help to abuse SUDO in different ways and with the main objective of performing a privilege escalationon linux environment.
The tool helps to identify misconfiguration within sudo rules, vulnerability within the version of sudo being used (CVEs and vulns) and the used of dangerous binary, all of these could be abuse to elevate privilege to ROOT.
SUDO_KILLER will then provide a list of commands or local exploits which could be exploited to elevate privilege.
SUDO_KILLER does not perform any exploitation on your behalf, the exploitation will need to be performed manually and this is intended.
Default usage
Example: ./sudo_killer.sh -c -r report.txt -e /tmp/
Arguments
-k : Keywords
-e : export location (export /etc/sudoers)
-c : include CVE checks with respect to sudo version
-s : supply user password for sudo checks (not recommended ++except for CTF)
-r : report name (save the output)
-h : help
CVEs check
To update the CVE database : run the following script ./cve_update.sh
Download SUDO_KILLER