Skip to content
/ atb-ansible-sudoweakness Public

AECID Testbed Ansible Role to apply a weak sudo configuration on a server

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ait-testbed/atb-ansible-sudoweakness

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
defaults
defaults
 
 
meta
meta
 
 
tasks
tasks
 
 
README.md
README.md
 
 

Repository files navigation

AECID Testbed Ansible Sudoweakness

This role installs an insecure sudo configuration that allows a normal user to elevate privileges to root.

Requirements

  • Ubuntu or Debian

Role Variables

It is possible to configure a user that can exploit this vulnerability:

sudoweakness_user: "www-data"

The following parameter defines the filename in /etc/sudoers.d/{{sudoweakness_filename}}:

sudoweakness_filename: "{{sudoweakness_user}}"

Per default the following programm is allowed to be executed with sudo:

sudoweakness_vulnbin: "/usr/bin/dmesg"

Dependencies

No dependency

Example Playbook

    - hosts: vulnserver
      roles:
         - role: sudoweakness
           vars:
             sudoweakness_user: postfix

License

GPL-3.0

Author Information

Wolfgang Hotwagner (https://www.ait.ac.at.)

About

AECID Testbed Ansible Role to apply a weak sudo configuration on a server

Topics

ansible ansible-role sudo vulnerability testbed atb privesc aecid

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 2

Release v1.1 Latest
Oct 30, 2023
+ 1 release

Packages