Sudo NOPASSWD - Privilege Escalation

ID: sudo-nopasswd

Severity: high

Author: daffainfo

Tags: code,linux,sudo,privesc,local

Description

Sudo configuration might allow a user to execute some command with another user’s privileges without knowing the password.

YAML Source

id: sudo-nopasswd

info:
  name: Sudo NOPASSWD - Privilege Escalation
  author: daffainfo
  severity: high
  description: Sudo configuration might allow a user to execute some command with another user's privileges without knowing the password.
  reference:
    - https://book.hacktricks.xyz/linux-hardening/privilege-escalation#nopasswd
  metadata:
    verified: true
  tags: code,linux,sudo,privesc,local

self-contained: true
code:
  - engine:
      - sh
      - bash
    source: |
        sudo -l

    matchers:
      - type: word
        part: code_1_response
        words:
          - "(root) NOPASSWD:"
# digest: 4a0a0047304502203fed09936acd0184f8239fbd5bfd5caea9650d83284dd7ad0e33f40af198b873022100b17205cf173f893e2d803afa4c1049bf300c329e2830b439cecbbb679cd11f07:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "code/privilege-escalation/linux/sudo-nopasswd.yaml"

View on Github