Jump to content
Under Attack Mode

we are under attack,
For 2 days we have been the target of DDOS attack by small ScriptKiddies.
We are deploying a solution to solve the problem
Please stay tunned !

If you encounter problems with the new theme please inform the staff

@AdminSec   @mister     @SC_z     @Naylor

Search In
  • More options...
Find results that contain...
Find results in...

Researchers Uncover Novel Way to De-anonymize Device IDs to Users' Biometrics

Researchers Uncover Novel Way to De-anonymize Device IDs to Users' Biometrics

Microsoft Releases Patch for Wormable Bug That Threatens Corporate LANs

Microsoft Releases Patch for Wormable Bug That Threatens Corporate LANs

Try challenges

Register & Join The Game

Break It

Welcome to Exploit Zone

Become a ninja in the shadow !

  • Welcome To Exploit Zone
  • The kingdom of knowledge sharing in hacking
  • New Updates ! Stay Tunned !
  • Share your knowledge here !
  • unlash your power on our challenges !
  • Become a ninja in the Shadow !

Search the Community

Showing results for tags 'sudo vulnerability'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Community
    • General
    • Introductions
    • Rules
    • Suggestions
    • Update
    • Courses
    • Youtube Courses
    • Help
    • Graphics
  • Teams
    • Entropy
  • Pentest
    • BruteForce
    • Defender
    • Enumeration
    • Evasion
    • Exfiltrate
    • Exploit
    • Informations Gathering
    • Network Discover
    • Privilege escalation
    • Reporting
    • Reverse Engineering
    • Vulnerability Analysis
    • Web
  • Application
    • Crypter
    • Keyloggers
    • R.A.T
    • Stealers
    • Miscellaneous
  • Operating Systems
    • Linux
    • Windows
    • Android
    • Apple
  • Scripts
    • Bash
    • C & C++ & C#
    • Perl
    • PHP Shells
    • Python
  • Social Engineering
    • Phishing
    • Spoofing
    • VOIP
  • Cracking
    • Software
    • Combo
    • Proxy
    • Config
    • Dorks
  • Osint
    • Collect
    • Locate
    • Exploit
    • Report
  • Anonymity
    • Identity
    • Web
  • VIP
    • Combos
    • Share
    • Courses


There are no results to display.

There are no results to display.

Product Groups

There are no results to display.


  • Free
    • Ebook
    • Tools
    • Scripts
  • Points
    • Ebook
    • Tools
    • Scripts
  • VIP
    • Ebook
    • Tools
    • Scripts


  • Learn
    • Learning Request
  • Teach
    • Teacher Room
    • Classroom
  • Challenges
    • CTF
    • Team VS Team
    • Community Challenge


  • Capture The Flag
  • Web Challenges
  • System Challenges
  • Network Challenges
  • Crypto Challenges

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start



Birth date

Between and

Experience in years

Your ambitions

Your Favorite domains

Found 1 result

  1. What is the sudo vulnerability ? So the Sudo vulnerability (CVE-2019-14287), is pretty known. But what it is exactly ? as we all know the sudo command can be use to execute command as root (not all command), and if a user is configured as "$USER $HOSTNAME=(ALL, !root) ALL" (it basically mean that the user can run any command with all user but not with the root user) in the sudoers file in /etc/ or by writing "sudo visudo", btw it's the most secure way to access to the /etc/sudoers file, this user can use the sudo command as an other user with the "-u... " parameter. And here is the vulnerability, all user can by default see the /etc/passwd file which content all the user and their UID (user's id) on the 3rd separator ":" so with those information we can know exploit it. what can you do by exploiting this vulnerability: -bypass root password to execute arbitrary command. -bypass command restriction, (e.g: if a user is configured as "sergent ALL=(ALL, !root) /usr/bin/passwd" in the sudoers file, he can still change he's password + as root). How to exploit this vulnerability ? To see if the target is vulnerable check the Sudo version (sudo -V | grep -i "sudo version"), if the version is under 1.8.28, the target is vulnerable. to exploit it, you have to use the "sudo" command with an invalid user, if you write "sudo -uinvaliduser cat /etc/shadow" it will print you an error, so that's why we use the UID, if now we write "sudo -u#-1 cat /etc/shadow" there is no user with the UID -1 it will let us execute the cat command because the user -1 is invalid. How to prevent/fix it ? The most common way to fix it is to upgrade sudo with a basic "sudo apt-get update && sudo apt-get upgrade". But if when you use sudo -V | grep -i "sudo version" you still see a version lower than 1.8.28 try sudo apt-get upgrade sudo. Last (hypothetical) option is to configure the user like that "$USER $HOSTNAME=(ALL, !root) ALL, !/usr/bin/sudo" but like that the user won't be able to use sudo anymore. leave a like buddy
  • Create New...