mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-01-31 15:53:33 +08:00
27 lines
821 B
YAML
27 lines
821 B
YAML
id: sudo-nopasswd
|
|
|
|
info:
|
|
name: Sudo NOPASSWD - Privilege Escalation
|
|
author: daffainfo
|
|
severity: high
|
|
description: Sudo configuration might allow a user to execute some command with another user's privileges without knowing the password.
|
|
reference:
|
|
- https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#nopasswd
|
|
metadata:
|
|
verified: true
|
|
tags: code,linux,sudo,privesc,local
|
|
|
|
self-contained: true
|
|
code:
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
sudo -l
|
|
|
|
matchers:
|
|
- type: word
|
|
part: code_1_response
|
|
words:
|
|
- "(root) NOPASSWD:"
|
|
# digest: 4b0a00483046022100fc332830334e18132f3b3ba33a57c0d646f7b4ec9fb6a83849c70aa877efffe2022100c780fc0fccad8542da4cca4eaa21c354115cb95d6c3fa910fb5ce6c55821d829:922c64590222798bb761d5b6d8e72950 |