Summary: A local privilege escalation vulnerability has been discovered in BBOT (Bighuge BLS OSINT Tool) version 2.1.0, which allows malicious modules to be executed with elevated permissions when misconfigured with sudo. This exploit highlights the potential misuse of trusted open-source tools in real-world scenarios. A proof-of-concept (PoC) is provided for demonstration.
Affected: BBOT (Bighuge BLS OSINT Tool), Version 2.1.0
Keypoints :
- Exploit allows privilege escalation via the execution of a malicious Python module.
- Requires the BBOT tool to be configured as a sudo-executable with NOPASSWD.
- Proven on Kali Linux Rolling (2025.1) with specific step-by-step PoC instructions provided.