
sudown – Automated Sudo Exploit Finder

sudown is a simple, fast, self-contained tool for identifying and exploiting common misconfigurations in Linux sudo rules. Designed for CTFs, pentesting, and red teaming, sudown makes it effortless to turn sudo access into privilege escalation – all in a single, portable binary.

DOWNLOAD sudown-amd64

How It Works

Automatic sudo analysis:
sudown runs sudo -l to enumerate all commands your current user can run with sudo (both those that require a password and those that do not).

Offline GTFOBins integration:
The tool ships with a local copy of GTFOBins – a curated database of privilege escalation and shell escape payloads for dozens of common Linux binaries.

One-click exploit mapping:
sudown matches your sudo privileges to known exploits, automatically building ready-to-use command lines to gain shells or escalate privileges.

No dependencies or internet required:
All logic and exploit data are bundled; there is no need to download payloads at runtime, making it ideal for airgapped, locked-down, or CTF environments.

Usage

Download and extract sudown:

Place the single binary (e.g. sudown-amd64) on your target machine.

Run sudown: ./sudown-amd64

By default, it analyses your sudo privileges and prints matching exploit commands.

Recommended options:

-a, --auto
Automatically spawn a shell for any NOPASSWD binary (where no sudo password is required).

-j, --json
Output exploits as JSON for scripting or integration.

-v, --verbose
Show more debug information, including parsed sudo entries.

-f, --first
Only output the first working exploit.

Typical workflow:

./sudown-amd64 -a

This will instantly drop you into a shell if any NOPASSWD exploits are found.


Example Output

[*] sudo /usr/bin/bash -p

[*] sudo apt-get update -o APT::Update::Pre-Invoke::=/bin/sh

[*] sudo vim -c ':!sh'

Just copy, paste, or run the listed commands for immediate access.
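
The matching step described under How It Works can also be run by whoever maintains the sudoers file, to find such rules before they are abused. The following is an added example, not sudown's own code: it parses sudo -l text, carries NOPASSWD/PASSWD tags across multi-command rules, and flags ALL plus a watchlist assumed here to hold only the three binaries in the example output above; the sample input and the names parse_rules and audit are constructed for illustration.

```python
import re

WATCHLIST = {"bash", "apt-get", "vim"}  # assumed: binaries from this page's output

# Constructed sample of `sudo -l` output, not captured from a real host.
SAMPLE = """\
Matching Defaults entries for alice on web01:
    env_reset, mail_badpass

User alice may run the following commands on web01:
    (root) NOPASSWD: /usr/bin/vim, /usr/bin/systemctl restart nginx
    (root) PASSWD: /usr/bin/apt-get, NOPASSWD: /usr/bin/less /var/log/syslog
    (ALL : ALL) ALL
"""

# A rule line is indented and starts with a (runas) spec; Defaults lines do not.
RULE = re.compile(r"^[ \t]+\((?P<runas>[^)\n]*)\)[ \t]+(?P<cmds>.+)$", re.M)
TAGS = re.compile(r"^((?:[A-Z_]+:\s*)+)(.*)$")


def parse_rules(text):
    """Yield (runas, nopasswd, command) for each command listed by `sudo -l`."""
    for m in RULE.finditer(text):
        nopasswd = False  # a password is required unless NOPASSWD is set
        # A tag applies to the commands after it until another tag overrides it.
        for part in re.split(r"(?<!\\),\s*", m["cmds"]):
            t = TAGS.match(part)
            if t:
                for tag in re.findall(r"[A-Z_]+", t[1]):
                    if tag in ("NOPASSWD", "PASSWD"):
                        nopasswd = tag == "NOPASSWD"
                part = t[2]
            if part.strip():
                yield m["runas"], nopasswd, part.strip()


def audit(text, watchlist=WATCHLIST):
    """Return (runas, command, reason) for rules that can hand out a shell."""
    findings = []
    for runas, nopasswd, cmd in parse_rules(text):
        binary = cmd.split()[0].rsplit("/", 1)[-1]
        if cmd != "ALL" and binary not in watchlist:
            continue
        what = "unrestricted ALL" if cmd == "ALL" else "shell-capable " + binary
        gate = "no password" if nopasswd else "password required"
        findings.append((runas, cmd, f"{what}, {gate}"))
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE))
```

Rules it reports are candidates for removal or for replacement with a fixed-argument command.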

Why Use sudown?

Save time: No more manual GTFOBins lookups or custom script writing.

Consistent: Handles multi-command sudo rules, NOPASSWD/PASSWD, and uncommon edge cases.

Portable: No Python/pip/install required – just run the binary.


Get in, get root, get out – with sudown!
