Message-ID: <CAGp_9Zh7b47xzkE_SfH=rTYeu-RCQTx1qG8Y=Fg8GC7-nDHHvA@mail.gmail.com>
Date: Fri, 18 Apr 2025 16:12:49 +0400
From: Housma mardini <housma@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] BBOT 2.1.0 - Local Privilege Escalation via Malicious Module Execution

Hi Full Disclosure,

I'd like to share a local privilege escalation technique involving BBOT (Bighuge BLS OSINT Tool) when misconfigured with sudo access.

---
Exploit Title: BBOT 2.1.0 - Local Privilege Escalation via Malicious Module Execution
Date: 2025-04-16
Exploit Author: Huseyin Mardinli
Vendor Homepage: https://github.com/blacklanternsecurity/bbot
Version: 2.1.0.4939rc (tested)
Tested on: Kali Linux Rolling (2025.1)
CVE: N/A
Platform: Linux
Type: Local

### Description:
BBOT allows execution of custom Python modules during OSINT scans. When configured as a sudo-executable (e.g., via NOPASSWD), a malicious module can escalate privileges via the `setup()` function.

### PoC Steps:
1. Clone:
   git clone https://github.com/Housma/bbot-privesc.git

2. Run with sudo:
   sudo /usr/local/bin/bbot -t dummy.com -p preset.yml --event-types ROOT

3. A root shell is spawned via `bash -p` from within the module.

### GitHub (Full Write-up + PoC):
https://github.com/Housma/bbot-privesc
---

This exploit highlights how trusted open-source tools can be abused in real-world environments.

Regards,
Huseyin Mardinli

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
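The precondition described in the post is a sudoers rule that lets a user run bbot as root while still choosing its arguments, such as the `-p` preset. The following audit sketch is an added example, not part of the original post or the BBOT project: it flags such rules in sudoers text. Assumptions: the helper name `audit_sudoers` is hypothetical, the binary path is the one from PoC step 2, the sample rules are constructed, and `Cmnd_Alias` definitions and blanket `ALL` command grants are not expanded.

```python
import re

# Assumption: bbot is installed at the path used in the post's PoC step 2.
BBOT_PATHS = {"/usr/local/bin/bbot"}
SPEC = re.compile(r"^(?:\((?P<runas>[^)]*)\)\s*)?(?P<tags>(?:[A-Z_]+:\s*)*)"
                  r"(?P<cmd>\S+)\s*(?P<args>.*)$")

def audit_sudoers(text, binaries=BBOT_PATHS):
    """Return (user, nopasswd, reason) for each rule that lets a user run bbot
    as root with arguments the caller controls (e.g. their own -p preset)."""
    findings = []
    for raw in text.replace("\\\n", " ").splitlines():   # join continuations
        line = raw.strip()
        if (not line or "=" not in line or line.startswith(("#", "Defaults"))
                or "_Alias" in line.split()[0]):          # aliases not expanded
            continue
        who, rhs = line.split("=", 1)
        runas, nopasswd = "root", False                   # sudoers defaults
        # Split the command list on commas that are unescaped and outside (...)
        for item in re.split(r"(?<!\\),(?![^(]*\))", rhs):
            m = SPEC.match(item.strip())
            if not m:
                continue
            if m["runas"] is not None:                    # inherited by later items
                runas = m["runas"]
            if "PASSWD:" in m["tags"]:                    # PASSWD: or NOPASSWD:
                nopasswd = "NOPASSWD:" in m["tags"]
            users = [u.strip() for u in runas.split(":")[0].split(",")]
            if m["cmd"] not in binaries or not {"root", "ALL"} & set(users):
                continue
            args = m["args"].strip()
            if args == "":
                reason = "no argument list: any arguments accepted"
            elif args != '""' and re.search(r"[*?\[]", args):
                reason = "wildcard in argument list"
            else:
                continue                                  # arguments are pinned
            findings.append((who.split()[0], nopasswd, reason))
    return findings

# Constructed sudoers fragment for illustration (not taken from the post).
SAMPLE = r'''
alice ALL=(ALL) NOPASSWD: /usr/local/bin/bbot
bob   ALL=(root) /usr/local/bin/bbot -t * --event-types ROOT
carol ALL=(root) NOPASSWD: /usr/local/bin/bbot ""
dave  ALL=(scanner) NOPASSWD: /usr/local/bin/bbot
erin  ALL=(root) NOPASSWD: /usr/bin/nmap, /usr/local/bin/bbot
'''
```

Calling `audit_sudoers(SAMPLE)` reports alice, bob and erin; carol's rule permits no arguments and dave's rule does not run as root, so neither is flagged.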