Sudo add-Metasploit exploit for root access




On the Metasploit hacker toolkit is added a module that allows to access an administrator account. Access via an exploit in the sudo command The bug in sudo is present among others in various versions of OS X and Linux distributions.

Hacker Privileges are determined on the command line in a shell environment. Using the sudo command For example, perform a normal user commands that normally only possible with a root account.

The bug in sudo is already in March this year but still not known poem on a number of operating systems. By means of the operating system clock can be put back on January 1, 1970, also known as epoch. Then the attacker to access the system without having to be there. Prompted for a password

According to Rapid7, the developer of the Metasploit hacker toolkit, containing among other things from OS X 10.7 Lion to Mountain Lion 10.8.4 the sudo vulnerability. Various Linux distributions would still offer a vulnerable version of sudo. Metasploit has been added to a module that allows to access a session with root privileges, access via an exploit as reports Threat Post. Condition is that the user has used the sudo command before and belongs to the admin group. Moreover, the attack method does not work if the remote user is not known; physical access to the target is required.



In: Technology & Gadgets Asked By: [15505 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »