From the course: Stealth Penetration Testing with Advanced Enumeration
Join today to access over 24,700 courses taught by industry experts.
Using Baron Samedit to escalate in Linux
From the course: Stealth Penetration Testing with Advanced Enumeration
Using Baron Samedit to escalate in Linux
- [Instructor] In 2021, a vulnerability was identified in the Linux sudo tool and it enabled and authorized a non-privileged user to gain root privileges as shown in this website. It affects sudo version 1.8.31. We're on our Scorpio system, so let's check whether we're vulnerable. We can firstly check our sudo version, sudo --version. And we are 1.8.31. We can run a check to verify the vulnerability hasn't been patched using sudo edits, sudoedit -s / we get the message, not a regular file. That's a sign our target is vulnerable. Let's download and build the exploit. So we'll git clone https. And if we go into the folder Sudo-1.8.31-Root-Exploit, we can build the exploit with make and we've now got an executable called exploit. Before we run this, let's try to list the root folder. Now let's /root and we don't have permission. Now let's run the exploit. And we have a root prompt. And when we try and run the list,…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
