Baron Samedit (Persistence)

Identify the version of the sudo binary on the local system, then compare it against the last known version of sudo vulnerable to CVE-2021-3156. If the installed version is vulnerable, generate a password hash with openssl passwd and create a root user for persistence.

TTPs

  • Identify sudo binary version
  • Compare software versions for exploitation
  • Create root user in /etc/passwd via CVE-2021-3156
  • Generate openssl passwd hash

User-Set Custom Variables

  • exploitable.version: 1.9.5p1
  • user.password: DemoPassword
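
The same two checks from the defender's side, as an added example that is not part of the chain or of Operator: compare a sudo version string against the page's `exploitable.version` threshold, and audit passwd content for the kind of account the chain leaves behind. The function names, finding labels and the sample passwd content are constructed for illustration.

```python
import re

LAST_VULNERABLE = "1.9.5p1"  # the page's exploitable.version value
SHADOW_PLACEHOLDERS = {"x", "*", "!", "!!"}  # normal values of the passwd password field

def parse_sudo_version(text):
    """Return (major, minor, micro, patch) from a version string or `sudo -V` output."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?", text)
    if not m:
        raise ValueError(f"no sudo version in {text!r}")
    # A missing micro or pN component counts as 0, so 1.9.5 < 1.9.5p1 < 1.9.5p2.
    return tuple(int(g) if g else 0 for g in m.groups())

def at_or_below_threshold(version, threshold=LAST_VULNERABLE):
    """True when the version sorts at or below the threshold.
    Distribution packages can backport a fix without changing the upstream
    version string, so treat True as "check the vendor advisory", not as proof."""
    return parse_sudo_version(version) <= parse_sudo_version(threshold)

def audit_passwd(passwd_text):
    """Return (account, finding) pairs for entries that merit review."""
    findings = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7:
            continue
        name, pw, uid = fields[0], fields[1], fields[2]
        if uid == "0" and name != "root":
            findings.append((name, "uid0-not-root"))
        if pw not in SHADOW_PLACEHOLDERS:
            # A hash (or empty field) stored directly in passwd instead of shadow.
            findings.append((name, "password-field-in-passwd"))
    return findings

# Constructed sample; the hash is a placeholder, not a real crypt value.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc_backup:$1$CONSTRUC$notarealhashvalue000000:0:0::/root:/bin/bash
"""

if __name__ == "__main__":
    print("needs review:", at_or_below_threshold("Sudo version 1.9.5p1"))
    for account, finding in audit_passwd(SAMPLE_PASSWD):
        print(account, finding)
```

On a live host, pass the output of `sudo -V` and the contents of `/etc/passwd` to these functions in place of the constructed strings.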