15 writeups tagged with Sudo
Cacti LFI via CVE-2024-46987 reads configuration files and credentials. Sudo abuse on a custom binary escalates to root.
ImageMagick policy bypass enables SSRF and local file read to steal credentials. Sudo misconfiguration grants root access.
GravCMS on Ubuntu. An unauthenticated scheduler RCE CVE allows arbitrary command execution as the web user, followed by sudo privesc.
WordPress 4.7.2 on CentOS. Exploited outdated plugin for remote code execution and escalated via sudo misconfiguration.
daloRADIUS web interface default credentials expose user hashes. Cracked MD5 hash for SSH. Mosh binary sudo privesc for root shell.
PHP 8.1.0-dev backdoor via User-Agentt header for RCE. Sudo knife binary used as a GTFOBin for instant root shell.
Maltrail 0.53 SSRF on a request-basket service. CVE-2023-27163 chained to unauthenticated OS command injection for initial access, sudo privesc.
Site availability checker with .htaccess allowlist bypass. PHP phar deserialization for code execution, proc_open for shell, developer sudo suid binary.
SQL injection in hotel booking app. Sqlmap writes a PHP webshell. Sudo script with command injection, SUID systemctl for root.
Magento 1.9 SQLi creates an admin account; Magento Froghopper achieves RCE. Sudo vim executes a shell as root.
Gwolle Guestbook WordPress RFI via robots.txt discovery. Lateral move through sudo tar with --checkpoint shell execution.
Finger service enumerates valid usernames. Weak SSH credentials, troll binary, sudo wget for arbitrary file write to root.
Nibbleblog CMS with guessable admin credentials leads to arbitrary PHP file upload and remote code execution.
phpbash webshell discovered via directory fuzzing. Lateral movement through sudo scriptmanager, cron-based root.
Shellshock (CVE-2014-6271) via a CGI endpoint found with gobuster. Sudo perl for a trivial privilege escalation.