HT is a file editor/viewer/analyzer for executables. The goal is to combine the low-level functionality of a debugger and the usability of IDEs. We plan to implement all (hex-)editing features and support of the most important file formats.

Exploit

1. Check what sudo permission the current user has, desired “NOPASSWD”

• sudo -l

Note: Here we can see this user has free root execution without password, another way could improper handling of file permissions, such as sticky bits.

2. Run the application

• sudo ht

3. Since this program has been run, with sudo privileges, we can now open and edit any file in the system, we will open “/etc/sudoers” to grant additional access to our user

• Press F3 to open a file
• locate the file

4. Edit the file and add the permissions you need. IN this case I would add “/bin/bash” to run without password.

• loneferret ALL=NOPASSWD: !/usr/bin/su, /usr/local/bin/ht, /bin/bash

5. Save the work, and exit the editor

• F2 for save
• F10 to quit

6. Now use bash with sudo privileges

• sudo /bin/bash

Remedy

Watch out what permissions you grant, and to whom it is granted.