SUDO_KILLER
CTF-Difficulty
SUDO_KILLER | CTF-Difficulty | |
---|---|---|
8 | 18 | |
2,096 | 717 | |
- | - | |
8.8 | 0.0 | |
about 2 months ago | over 1 year ago | |
Shell | ||
MIT License | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
SUDO_KILLER
- cve-2023-22809
-
CVE-2023-22809
this project https://github.com/TH3xACE/SUDO_KILLER can be used to detect and exploit this CVE.
-
Sudoedit can edit arbitrary files (CVE-2023-22809)
check the project https://github.com/TH3xACE/SUDO_KILLER ... there is a docker and the tool within it to play with the described scenario and there is a video also...showing the exploitation :)
- TH3xACE/SUDO_KILLER - A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.
- Some of the latest CVEs like CVE-2014-0106, CVE-2015-5602, CVE-2017-1000367, CVE-2019-14287, CVE-2019-18634, CVE-2021-3156 and CVE-2021-23240 are detected by the tool and much more. If you like the project, don't forget to give a +1 star on github. Thanks
- How to detect sudo’s CVE-2021-3156 using Falco
-
Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)
Detection and checks for CVE-2021-3156 and CVE-2021-23240 were added to https://github.com/TH3xACE/SUDO_KILLER . Please give a +1 star on github if you appreciate the project.
CTF-Difficulty
- Books for pentesting and bug Bounty
- TryHackMe a good starting point?
- MEGATHREAD FOR NOOBS - RESOURCES FOR LEARNING AND SOLVING PROBLEMS
- Additional resources for a Megathread for Noobs?
-
Wie startet man in die IT Sicherheitsbranche?
Tutorials anschauen zb. https://www.hackingarticles.in/ Hackthebox, Kali Proving grounds oder tryhackme.com
- Best Web Application Security Training/Tutorial/Certificate for someone who already has OSCP but would like to go a bit more into web and has an annual budget of 5k to spend on any training?
- What’s a better way to get my foot in the door, tryhackme or hackthebox?
- Starting to learn cyber security
- HacktheBox as a training course/academy?
- Free sources for Hacking (Posting my comment that had so many upvotes)
What are some alternatives?
OSCP-Exam-Report-Template - Modified template for the OSCP Exam and Labs. Used during my passing attempt
OSCP-Notes-Template - A template Obsidian Vault for storing your OSCP revision notes
linux-smart-enumeration - Linux enumeration tool for pentesting and CTFs with verbosity levels
EZEA - EZEA (EaZy Enum Automator), made for OSCP. This tool uses bash to automate most of the enumeration proces
caldera - Automated Adversary Emulation Platform
linux-exploit-suggester - Linux privilege escalation auditing tool
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
CVE-2021-4034 - PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034)
can-i-take-over-xyz - "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
OSCP-BoF - This is a walkthrough about understanding the #BoF machine present in the #OSCP exam.
oh-my-git - An interactive Git learning game!