MITRE ATT&CK / T1169
T1169
Sudo
Description
The sudoers file, <code>/etc/sudoers</code>, describes which users can run which commands and from which terminals. This also describes which commands users can run as other users or groups. This provides the idea of least privilege such that users are running in their lowest possible permissions for most of the time and only elevate to other users or permissions as needed, typically by prompting for a password. However, the sudoers file can also specify when to not prompt users for passwords with a line like <code>user1 ALL=(ALL) NOPASSWD: ALL</code> (Citation: OSX.Dok Malware).Adversaries can take advantage of these configurations to execute commands as other users or spawn processes with higher privileges. You must have elevated privileges to edit this file though.
Platforms
Use our free MITRE ATT&CK lookup tool, or browse the full ATT&CK matrix.
Our coverage
- CVE-2025-68670: Critical Pre-Auth RCE in xrdp Exposes Linux Remote Desktop Servers
- Port Scanning Techniques: Nmap, Zenmap, and Scanning Through Firewalls
- Dirty Frag: CVE-2026-43284 and CVE-2026-43500 Grant Root Access Across All Major Linux Distros
- Metasploit Adds ARMLE Support to CVE-2026-31431 Copy Fail Linux Root Exploit
- Quasar Linux (QLNX): Rootkit and PAM Backdoor Targeting Developer Credentials
Source: MITRE ATT&CK Enterprise matrix. View on attack.mitre.org →