sudo (Super User DO) is a program for UNIX-like computer operating systems that allows users to run programs with the security privileges of another user (by default, the superuser).
su, users must, by default, supply their own password for authentication, rather than the password of the target user. After authentication, and if the configuration file, which is typically located at /etc/sudoers, permits the user access, the system invokes the requested command with the target user's privileges.
/etc/sudoers configuration file. This file, owned by root, is supposed to be 440 (read-only) and should only be edited with
sudo, either by profiting from insecure configuration, or by exploiting the program's vulnerabilities.
sudo -l command can be run by sudoers to check their sudo rights. The output reflects the /etc/sudoers configuration that applies to the user. It should look like the following (default config for a new sudoer).
johnthesudoer user to run any privileged command as long as johnthesudoer's password is known. A privileged session can be obtained with
/bin/tar as root as long as johnthesudoer's password is known. However, tar is a program that can be used to obtain a full session, hence bypassing the restrictions imposed by the sudoers configuration.
/usr/bin/cp. The following commands are used to edit the /etc/passwd file to add a password-less user with root's uid and gid.
ALL in the "runas" specifier (the yellow and green parts in the doodle above).
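For reviewing a host against the configurations described above, here is an added example (not from the original page) that audits sudo -l output and the 440/root expectation for /etc/sudoers. The sample output, the function names and the RISKY_BINARIES set (limited to the two binaries this page mentions) are assumptions made for illustration.

```python
import re
import stat

# Assumption: only the two binaries this page names; extend for your environment.
RISKY_BINARIES = {"/bin/tar", "/usr/bin/cp"}
RULE_RE = re.compile(r"^\s*\((?P<runas>[^)]*)\)\s*(?P<rest>.+)$")  # "(runas) cmds"
TAG_RE = re.compile(r"^(?:[A-Z_]+:\s*)+")                          # e.g. "NOPASSWD: "
# Constructed sample of `sudo -l` output (not captured from a real host).
SAMPLE = """User johnthesudoer may run the following commands on host:
    (ALL : ALL) ALL
    (root) /bin/tar
    (root) NOPASSWD: /usr/bin/cp, /usr/bin/less /var/log/syslog
"""


def audit_sudo_l(output):
    """Return (rule, finding) pairs for entries that grant more than they appear to."""
    findings = []
    for line in output.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # header or Defaults line, not a rule
        rule = line.strip()
        runas = [r.strip() for r in re.split(r"[:,]", m.group("runas")) if r.strip()]
        commands = TAG_RE.sub("", m.group("rest"))
        if "ALL" in runas:
            findings.append((rule, "runas specifier contains ALL"))
        for cmd in filter(None, (c.strip() for c in commands.split(","))):
            binary = cmd.split()[0]
            if binary == "ALL":
                findings.append((rule, "any command allowed"))
            elif binary in RISKY_BINARIES:
                findings.append((rule, f"{binary} can give more access than the rule intends"))
    return findings


def check_sudoers_perms(st_mode, st_uid):
    """Check the values from os.stat('/etc/sudoers') against mode 0440 and root ownership."""
    problems = []
    mode = stat.S_IMODE(st_mode)
    if mode != 0o440:
        problems.append(f"mode is {mode:04o}, expected 0440")
    if st_uid != 0:
        problems.append(f"owner uid is {st_uid}, expected 0 (root)")
    return problems


if __name__ == "__main__":
    for rule, finding in audit_sudo_l(SAMPLE):
        print(f"{rule!r}: {finding}")
```

The parser splits commands on commas, so a rule whose arguments contain an escaped comma needs manual review.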
sudoedit -s and a command-line argument that ends with a single backslash character. To test if a system is vulnerable or not, the following command can be run as a non-root user.
usage: help message while vulnerable ones will throw the following