CVE-2023-22809 PoC — Sudo Security Vulnerability

Associated Vulnerability
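Title: Sudo Security Vulnerability (CVE-2023-22809)
Description: Sudo is a program for Unix-like systems that allows users to run commands with special privileges in a secure manner. Sudo before 1.9.12p2 contains a security vulnerability: the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation.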
Description
Sudo Privilege Escalation: CVE-2023-22809 Simulation
This project simulates the Sudo privilege escalation vulnerability (CVE-2023-22809) to demonstrate how unauthorized root access can be gained. It involves identifying and exploiting this vulnerability in a controlled environment using Parrot OS, the Sudo command, and Bash scripting.
Readme
# SUDO Privilege Escalation
**Overview:**
This project demonstrates the exploitation of the Sudo privilege escalation vulnerability (CVE-2023-22809). The objective is to simulate how an attacker can gain unauthorized root access by exploiting this vulnerability in a controlled environment.

**Technologies Used:**
- **Operating Systems:** Parrot OS, Ubuntu
- **Tools:** Sudo command, Bash scripting
- **Environment:** Virtualized environment for safe testing and execution

**Steps Involved**
- **Manual Attack Simulation:** First, manually simulated the vulnerability to understand its mechanics and potential impact.
- **Exploit Development:** Developed a Bash script to automate the exploitation process.
- **Execution:** Ran the automated script in a safe, virtualized environment to confirm the effectiveness of the exploit.
- **Mitigation:** Identified and applied countermeasures to secure the system against this vulnerability.
- **Documentation:** Provided detailed guidance on the attack process, automation, and mitigation strategies.
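
For the mitigation step, one thing to verify is whether the installed sudo is older than the fixed release named in the vulnerability description (1.9.12p2). The following is an added example, not part of the repository's automation script; the function names and the `--check` flag are hypothetical, and it assumes the first line of `sudo -V` has the form `Sudo version X`.

```shell
#!/bin/sh
# Added example (not from the repository): triage a sudo version string against
# the fixed release named in the CVE-2023-22809 description.
FIXED_VERSION="1.9.12p2"

# Read `sudo -V` output on stdin and print the version from its first line.
parse_sudo_banner() {
    awk 'NR == 1 && /^Sudo version / { print $3 }'
}

# Print "major minor micro patch" for a release such as 1.9.12p2 (missing
# parts count as 0). Fails for anything else, e.g. a beta like 1.9.13b1.
sudo_version_fields() {
    printf '%s\n' "$1" | awk '
        /^[0-9]+\.[0-9]+(\.[0-9]+)?(p[0-9]+)?$/ {
            patch = 0
            if (match($0, /p[0-9]+$/)) {
                patch = substr($0, RSTART + 1)
                $0 = substr($0, 1, RSTART - 1)
            }
            n = split($0, f, "[.]")
            printf "%d %d %d %d\n", f[1], f[2], (n > 2 ? f[3] : 0), patch
            ok = 1
        }
        END { exit(ok ? 0 : 1) }'
}

# Exit status: 0 = older than the fixed release, 1 = fixed release or newer,
# 2 = version string not understood (review by hand).
sudo_version_is_affected() {
    have=$(sudo_version_fields "$1") || return 2
    want=$(sudo_version_fields "$FIXED_VERSION")
    set -- $have $want    # $1..$4 installed, $5..$8 fixed
    for pair in "$1:$5" "$2:$6" "$3:$7" "$4:$8"; do
        [ "${pair%%:*}" -lt "${pair##*:}" ] && return 0
        [ "${pair%%:*}" -gt "${pair##*:}" ] && return 1
    done
    return 1
}

# Hypothetical entry point: `sh check.sh --check` inspects the local sudo.
if [ "${1:-}" = "--check" ]; then
    ver=$(sudo -V 2>/dev/null | parse_sudo_banner)
    rc=0; sudo_version_is_affected "$ver" || rc=$?
    case $rc in
        0) echo "sudo $ver: older than $FIXED_VERSION, check the vendor advisory" ;;
        1) echo "sudo $ver: at or above $FIXED_VERSION" ;;
        *) echo "sudo version '$ver' not understood" ;;
    esac
fi
```

Distribution packages often backport the fix without changing the upstream version string, so an "older" result is a prompt to check the vendor's advisory for the package, not proof that the host is exposed.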

**Files Included**
- **Learning Objective SUDO Privilege Escalation in LINUX:** Outlines the learning goals and objectives for understanding Sudo privilege escalation in Linux environments.
- **Lab Manual SUDO Privilege Escalation in LINUX:** Provides detailed instructions for the hands-on lab simulation, including attack procedures and prevention techniques.
- **Automation Script (Bash) SUDO Privilege Escalation in LINUX:** Contains the Bash script used to automate the exploitation process.
- **SUDO Privilege Escalation in LINUX (PowerPoint Presentation):** Summarizes the project, including the attack simulation, automation script, and findings.

**How to Use**
- Download and review the **Learning Objective** and **Lab Manual** documents for context, instructions, and prevention techniques.
- Execute the **Automation Script** in a Linux environment to simulate the privilege escalation.
- View the **PowerPoint Presentation** for a summary and educational overview of the project.

**Disclaimer
This project is intended for educational purposes only. Unauthorized use of this code in real-world systems is illegal and unethical.**
File Snapshot

[4.0K] /data/pocs/5fec170ff17a2cd187b54ba8f35369bafed1e42a
└── [2.1K] README.md

0 directories, 1 file