top | item 37626274

(no title)

Write access to .bashrc is plenty to very sneakily get sudo access tho.

  alias sudo='./.my-evil-sudo-binary'

And wait till the next time the user authenticates, they wont see anything amiss and you just silently delete the alias after you’ve got the sudo password.

Also even without root dumping .ssh and the browser’s cookie jar is probably plenty to achieve lateral movement and you don’t need root for that.

discuss

No comments yet.