Closed b0x-Protector closed 4 years ago
I am not sure about this one... What is the objective behind it? What do you mean by "for compatibility with future checks"?
(1) What is the objective behind it? - If SK is designed to automate checks, why would a user enter a password three times manually? Moreover, if such checks were performed earlier.
(2) What do you mean by "for compatibility with future checks"? - Next, there will be three blocks of code that use this file. It would be possible to add checks there, but in these blocks the file "groups" is also checked, which is in no way connected with the last one. If I'm not mistaken.
I did a check with your proposed code... I think the idea behind it is a good one... but I am having a regression bug... the missing script section is provided 3 times with the one that is detected.
To test in the testing environment, do as follows:

    apt-get install docker.io
    service docker start
    docker pull th3xace/sudo_killer_demo
    docker run -v [path]:/opt/sk -it --name dev-sk th3xace/sudo_killer_demo

The docker will launch > cd /opt/sk

    service docker start
    docker start -i dev-sk
I had tested SK v1.4.2_edited in docker and I didn't see any errors. Everything looks great.
It may even be better to replace $sudonopassuser with $sudoperms. Also add a check for /tmp/script_list and add some additional types of script. As a result, this block of code should look like this:
    echo -e "${BOLD}${YELLOW}============ Checking for Missing scripts from sudoers ================== ${RESET} \n"
    current_user="$(whoami)"
    groups > /tmp/groups.txt
    touch /tmp/script_list
    # The final grep keeps whole paths that end in a script extension: the dot is
    # escaped and -o is dropped, because -o would print only the matched fragment.
    if [ "$sudoperms" ] || [ "$sudoauth" ]; then
        if [ "$sudoperms" ]; then
            # Passwordless listing: an empty password is fed to sudo -S.
            echo "" | sudo -S -l -k | grep "NOPASSWD" | sed 's/(root) //g' | sed 's/NOPASSWD: //g' | sed 's/,/\n/g' | sed -e 's/ *$//' | awk '$1=$1' | cut -d " " -f 1 | grep -E '\.(sh|pl|py|rb|php)$' >> /tmp/script_list
        fi
        if [ "$sudoauth" ]; then
            # Authenticated listing: reuse the password held in $userpassword (quoted).
            echo "$userpassword" | sudo -S -l -k | grep "NOPASSWD" | sed 's/(root) //g' | sed 's/NOPASSWD: //g' | sed 's/,/\n/g' | sed -e 's/ *$//' | awk '$1=$1' | cut -d " " -f 1 | grep -E '\.(sh|pl|py|rb|php)$' >> /tmp/script_list
        fi
    fi
    if [ -s "/tmp/script_list" ]; then
        echo -e "${BOLD}${GREEN}[+] The script/s found in sudoers can be found at: /tmp/script_list ${RESET}"
    fi
    # issue #10 > missing check on NOPASSWD
    #sudo -S -l -k | grep "NOPASSWD" | sed 's/(root) //g' | sed 's/NOPASSWD: //g' | sed 's/,/\n/g' | sed -e 's/ *$//' | awk '$1=$1' | cut -d " " -f 1 | grep .sh > /tmp/script_list
    #echo -e "${BOLD}${GREEN}[+] The script/s found in sudoers can be found at: /tmp/script_list ${RESET}"
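
The same extraction written as an audit an administrator can run over `sudo -l` output, added here as an illustration and not part of SUDO_KILLER or of any comment in this thread: it keeps whole script paths and labels each one as present or missing. It goes slightly beyond the block above by accepting any Runas spec, not only `(root)`; the sample output, the `demo` user, the script names and all function names are constructed for the example.

```shell
#!/bin/sh
# Added example: audit NOPASSWD sudoers entries for script paths that no longer exist.

# Constructed `sudo -l` output for a hypothetical user "demo".
# $1 is the directory holding the (hypothetical) maintenance scripts.
sample_sudo_l() {
    cat <<EOF
User demo may run the following commands on host:
    (root) NOPASSWD: $1/backup.sh, /usr/bin/less /var/log/syslog
    (ALL : ALL) NOPASSWD: $1/report.py
    (root) /usr/bin/systemctl restart nginx
EOF
}

# Read `sudo -l` output on stdin and print one script path per line.
extract_scripts() {
    grep 'NOPASSWD' \
        | sed -e 's/([^)]*) //g' -e 's/NOPASSWD: //g' \
        | tr ',' '\n' \
        | awk 'NF { print $1 }' \
        | grep -E '\.(sh|pl|py|rb|php)$'   # whole path, literal dot, anchored
}

# Label each extracted path: OK if the file exists, MISSING otherwise.
audit_scripts() {
    extract_scripts | while IFS= read -r script_path; do
        if [ -e "$script_path" ]; then
            echo "OK $script_path"
        else
            echo "MISSING $script_path"
        fi
    done
}

# Demo on a scratch directory: only backup.sh is created, so report.py
# is the entry an administrator would need to fix or remove from sudoers.
demo() {
    demo_dir="$(mktemp -d)"
    touch "$demo_dir/backup.sh"
    sample_sudo_l "$demo_dir" | audit_scripts | sed "s|$demo_dir|<dir>|"
    rm -rf "$demo_dir"
}

demo
```

On a real host, the input would be the output of `sudo -l` for the account under review in place of `sample_sudo_l`.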
Hi b0x-Protector,
I have released the first version of Version 2. I think, the issue should be solved ...
Hi TH3xACE !
It looks like you have taught SK to fly... and quite quickly :)
Hi b0x-Protector,
Yeah a bit... thanks to you :) who helped me get into the code again and to look at the issues.
I am on discord if one day, you want to have a chat. I use the same username. TH3xACE#0453
I suppose that lines 484-486 should look like this:
This will allow the user to not manually enter the password again, as well as increase the speed of the script.
Line 484-486 (Original)