If I run this tool with the -p option, it reports a lot of Gtfobins vulnerabilities. However, when I tried to exploit one of them, the output was this:
[+] Assessing machine state...
[+] Checking for opportunities...
[+][gtfobins:gcc] Opportunity found, trying to exploit it...
[+][gtfobins:gcc] Using command '/home/koodi/.nix-profile/bin/gcc'...
[+][gtfobins:gcc] Starting command with pty...
[+][gtfobins:gcc] Setting up terminal...
[+][gtfobins:gcc] Authenticating with sudo...
[+][gtfobins:gcc] Writing payload...
[sudo] root user password: sudo: timeout when reading password
sudo: password needed
[+][gtfobins:gcc] Session complete.
[+] Done.
...and no root prompt.
(Sudo messages manually translated to English from my native language)
My guess is that the tool tries to pass the user password to Sudo, but fails because I have Defaults targetpw line in my sudoers file, and thus it's root password that is needed.
But I think it's not a vulnerability then, and the tool should not report it as one even with the -p option? Or at least fail instantly when trying to exploit instead of waiting for the timeout?
If I run this tool with the
-poption, it reports a lot of Gtfobins vulnerabilities. However, when I tried to exploit one of them, the output was this:...and no root prompt.
(Sudo messages manually translated to English from my native language)
My guess is that the tool tries to pass the user password to Sudo, but fails because I have
Defaults targetpwline in my sudoers file, and thus it's root password that is needed.But I think it's not a vulnerability then, and the tool should not report it as one even with the
-poption? Or at least fail instantly when trying to exploit instead of waiting for the timeout?