undefined | Better HN

0 pointsIshKebab24d ago0 comments

A target user. If you get local code execution on the account of a user that uses sudo you can trivially got root. Doesn't matter if they disabled the password authentication or not.

0 comments

hnlmorg24d ago

Of course it matters if they disabled password authentication. If you require password authentication when running sudo then an attacker has to find a RCE exploit and then crack a password. Which is waaay beyond any effort the average attacker is willing to invest. Because At that point, root access isn’t really worth the effort.

An attacker will probably just use the host for sending spam emails, bot / DDoS traffic or look for other daemons they can jump to which weren’t web accessible (eg a database).

And furthermore, if you’ve got a RCE in a daemon then that code is the running as the daemons’ user. Which shouldn’t be in the sudoers file (eg wheel group) to begin with.

IshKebabOP23d ago

> If you require password authentication when running sudo then an attacker has to find a RCE exploit and then crack a password.

Nope! Just alias sudo to something that logs the password.

2 more replies

j / k navigate · click thread line to collapse