SUDO Exploitation

Hi and welcome to this new video! In this video we continue the "Linux Privilege Escalation" series. This time the focus will be on SUDO exploitation. We will review what is SUDO, how we can read SUDO configuration, and how we can exploit vulnerable SUDO configurations. I hope you find it helpful, and I would appreciate if you leave your feedback down in the comments, and share this series with like-minded people. Thank you very much! ------------------------- TIMESTAMP 00:00 Introductionv 01:25 Docker Setup 04:20 What is SUDO? 08:40 Reading output of sudo -l 12:34 Reading SUDO configuration file 18:30 Update SUDO configuration with visudo 20:00 Exploiting SUDO 23:01 Example 1 – ALL NOPASSWD 25:45 Example 2 – pip install 33:00 Example 3 – tar 36:00 Example 4 – base64 40:20 Conclusion ------------------------- REFERENCES - Material: https://github.com/LeonardoE95/yt-en/tree/main/src/TBD-linux-privesc-sudo-exploitation - Your new Best Friend: https://gtfobins.github.io/ - Sudo syntax: https://toroid.org/sudoers-syntax - Sudoers: https://www.sudo.ws/docs/man/1.8.15/sudoers.man/ - Pip exploitation: https://github.com/0x00-0x00/FakePip/tree/master ------------------------- CONTACTS - Blog: https://blog.leonardotamiano.xyz/ - Github: https://github.com/LeonardoE95?tab=repositories - Support: https://www.paypal.com/donate/?hosted_button_id=T49GUPRXALYTQ