awk Privilege Escalation

How to exploit sudoers entry awk editor command Sudo Privilege Escalation

While solving CTF challenges, for privilege escalation we always check root permissions for any user to execute any file or command by executing sudo -l command. (awk Privilege Escalation sudoers file entry )

I add a user hacker for testing and id command to check hacker user group-id and user-id and check our new user for sudo command with sudo su and see the error is user hacker is not allowed to execute /bin/bash as root

id                  (show group id and user id)
sudo su        (sudo su: mean change current user to superuser like root)
awk Privilege Escalation

Lab Setup for SUOD Right Privilege Escalation

Now open your sudoers file this command for adding our user hacker sudoers file

sudo visudo

After opening the sudoers file I am adding user hacker for awk editor SUPERUSER command without root password run the command user hacker

awk Privilege Escalation

Again compromise the target system and then move for privilege escalation stage as done above and execute the below command to view sudo user list.

sudo -l             (mean check sudoers file entry)
awk Privilege Escalation

we see the AWK language program or script as the root user. Therefore we obtained root access by executing AWK one-liner.

And we see awk editor is without password with superuser root access

sudo awk 'BEGIN {system("/bin/bash")}'
awk Privilege Escalation

After awk command, we got a root shell check with the id command

id

Docker privilege escalation link get more privilege escalation here

About Rahul Gehlaut

Cyber Security Researcher, CTF Player. Tech Blog Writer.

View all posts by Rahul Gehlaut →