Hi and welcome to this new video!
In this video we continue the "Linux Privilege Escalation" series.
This time the focus will be on SUDO exploitation. We will review what is SUDO, how we can read SUDO configuration, and how we can exploit vulnerable SUDO configurations.
I hope you find it helpful, and I would appreciate if you leave your feedback down in the comments, and share this series with like-minded people.
Thank you very much!
-------------------------
TIMESTAMP
00:00 Introductionv
01:25 Docker Setup
04:20 What is SUDO?
08:40 Reading output of sudo -l
12:34 Reading SUDO configuration file
18:30 Update SUDO configuration with visudo
20:00 Exploiting SUDO
23:01 Example 1 - ALL NOPASSWD
25:45 Example 2 - pip install
33:00 Example 3 - tar
36:00 Example 4 - base64
40:20 Conclusion
-------------------------
REFERENCES
- Material: github.com/LeonardoE95/yt-en/...
- Your new Best Friend: gtfobins.github.io/
- Sudo syntax: toroid.org/sudoers-syntax
- Sudoers: www.sudo.ws/docs/man/1.8.15/s...
- Pip exploitation: github.com/0x00-0x00/FakePip/...
-------------------------
CONTACTS
- Blog: blog.leonardotamiano.xyz/
- Github: github.com/LeonardoE95?tab=re...
- Support: www.paypal.com/donate/?hosted...
Негізгі бет Ғылым және технология SUDO Exploitation
Пікірлер: 8