Jump to content
Under Attack Mode

we are under attack,
For 2 days we have been the target of DDOS attack by small ScriptKiddies.
We are deploying a solution to solve the problem
Please stay tunned !


If you encounter problems with the new theme please inform the staff

@AdminSec   @mister     @SC_z     @Naylor

Search In
  • More options...
Find results that contain...
Find results in...

Researchers Uncover Novel Way to De-anonymize Device IDs to Users' Biometrics

Researchers Uncover Novel Way to De-anonymize Device IDs to Users' Biometrics
Read more...

Microsoft Releases Patch for Wormable Bug That Threatens Corporate LANs

Microsoft Releases Patch for Wormable Bug That Threatens Corporate LANs
Read more...

Try challenges


Register & Join The Game

Break It

Welcome to Exploit Zone


Become a ninja in the shadow !

News
  • Welcome To Exploit Zone
  • The kingdom of knowledge sharing in hacking
  • New Updates ! Stay Tunned !
  • Share your knowledge here !
  • unlash your power on our challenges !
  • Become a ninja in the Shadow !

Search the Community

Showing results for tags 'cve-2019-14287'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Community
    • General
    • Introductions
    • Rules
    • Suggestions
    • Update
    • Courses
    • Youtube Courses
    • Help
    • Graphics
  • Teams
    • Entropy
  • Pentest
    • BruteForce
    • Defender
    • Enumeration
    • Evasion
    • Exfiltrate
    • Exploit
    • Informations Gathering
    • Network Discover
    • Privilege escalation
    • Reporting
    • Reverse Engineering
    • Vulnerability Analysis
    • Web
  • Application
    • Crypter
    • Keyloggers
    • R.A.T
    • Stealers
    • Miscellaneous
  • Operating Systems
    • Linux
    • Windows
    • Android
    • Apple
  • Scripts
    • Bash
    • C & C++ & C#
    • Perl
    • PHP Shells
    • Python
  • Social Engineering
    • Phishing
    • Spoofing
    • VOIP
  • Cracking
    • Software
    • Combo
    • Proxy
    • Config
    • Dorks
  • Osint
    • Collect
    • Locate
    • Exploit
    • Report
  • Anonymity
    • Identity
    • Web
  • VIP
    • Combos
    • Share
    • Courses

Blogs

There are no results to display.

There are no results to display.

Product Groups

There are no results to display.

Categories

  • Free
    • Ebook
    • Tools
    • Scripts
  • Points
    • Ebook
    • Tools
    • Scripts
  • VIP
    • Ebook
    • Tools
    • Scripts

Categories

  • Learn
    • Learning Request
  • Teach
    • Teacher Room
    • Classroom
  • Challenges
    • CTF
    • Team VS Team
    • Community Challenge

Project

  • Capture The Flag
  • Web Challenges
  • System Challenges
  • Network Challenges
  • Crypto Challenges

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Birth date

Between and

Experience in years


Your ambitions


Your Favorite domains

Found 1 result

  1. What is the sudo vulnerability ? So the Sudo vulnerability (CVE-2019-14287), is pretty known. But what it is exactly ? as we all know the sudo command can be use to execute command as root (not all command), and if a user is configured as "$USER $HOSTNAME=(ALL, !root) ALL" (it basically mean that the user can run any command with all user but not with the root user) in the sudoers file in /etc/ or by writing "sudo visudo", btw it's the most secure way to access to the /etc/sudoers file, this user can use the sudo command as an other user with the "-u... " parameter. And here is the vulnerability, all user can by default see the /etc/passwd file which content all the user and their UID (user's id) on the 3rd separator ":" so with those information we can know exploit it. what can you do by exploiting this vulnerability: -bypass root password to execute arbitrary command. -bypass command restriction, (e.g: if a user is configured as "sergent ALL=(ALL, !root) /usr/bin/passwd" in the sudoers file, he can still change he's password + as root). How to exploit this vulnerability ? To see if the target is vulnerable check the Sudo version (sudo -V | grep -i "sudo version"), if the version is under 1.8.28, the target is vulnerable. to exploit it, you have to use the "sudo" command with an invalid user, if you write "sudo -uinvaliduser cat /etc/shadow" it will print you an error, so that's why we use the UID, if now we write "sudo -u#-1 cat /etc/shadow" there is no user with the UID -1 it will let us execute the cat command because the user -1 is invalid. How to prevent/fix it ? The most common way to fix it is to upgrade sudo with a basic "sudo apt-get update && sudo apt-get upgrade". But if when you use sudo -V | grep -i "sudo version" you still see a version lower than 1.8.28 try sudo apt-get upgrade sudo. Last (hypothetical) option is to configure the user like that "$USER $HOSTNAME=(ALL, !root) ALL, !/usr/bin/sudo" but like that the user won't be able to use sudo anymore. leave a like buddy
×
×
  • Create New...