From ac38cb05fe7d13278dda2e7a8146189fad51d7cd Mon Sep 17 00:00:00 2001 From: CPol Date: Fri, 21 Aug 2020 13:38:17 +0000 Subject: [PATCH] GitBook: [master] one page modified --- linux-unix/privilege-escalation/README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/linux-unix/privilege-escalation/README.md b/linux-unix/privilege-escalation/README.md index d4f38d7c..f28c2334 100644 --- a/linux-unix/privilege-escalation/README.md +++ b/linux-unix/privilege-escalation/README.md @@ -507,6 +507,10 @@ The project collects legitimate functions of Unix binaries that can be abused to {% embed url="https://gtfobins.github.io/" %} +### FallOfSudo + +If you can access `sudo -l` you can use the tool [**FallOfSudo**](https://github.com/Critical-Start/FallofSudo) to check if it finds how to exploit any sudo rule. + ### Reusing Sudo Tokens In the scenario where **you have a shell as a user with sudo privileges** but you don't know the password of the user, you can **wait him to execute some command using `sudo`**. Then, you can **access the token of the session where sudo was used and use it to execute anything as sudo** \(privilege escalation\).