Jump to content
Report any bug Read more... ×
We're hiring! We are accepting applications for Developers, Teachers, Redactors and Junior Moderators. Read more... ×
Search In
  • More options...
Find results that contain...
Find results in...
News
  • For new users read this
  • Challenges
  • for new users thank you to post in introduction and answer "Accept" on the topic of the rules to have access to the integrity of the forum and receive your Exploit-Code
  • The challenges board is being developed you are likely to encounter some bugs if this is the case report to an administrator.

Search the Community

Showing results for tags 'sudo vulnerability'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Community
    • General
    • Introductions
    • Rules
    • Suggestions
    • Update
    • Youtube Courses
    • Help
    • Graphics
  • Application
    • Crypter
    • Keyloggers
    • R.A.T
    • Stealers
    • Miscellaneous
  • Dox
    • Collect
    • Locate
    • Exploit
    • Report
  • Anonymity
    • Identity
    • Web
  • Cracking
    • Software
    • Combo
    • Proxy
    • Config
    • Dorks
  • Pentest
    • Informations Gathering
    • Network Discover
    • Vulnerability Analysis
    • Evasion
    • Enumeration
    • BruteForce
    • Exploit
    • Reporting
    • Web
    • Exfiltrate
    • Defender
  • Scripts
    • Bash
    • C & C++ & C#
    • Perl
    • PHP Shells
    • Python
  • Operating Systems
    • Linux
    • Windows
    • Android
    • Apple
  • Social Engineering
    • Phishing
    • Spoofing
    • VOIP
  • VIP
    • Combos

Blogs

There are no results to display.

There are no results to display.

Product Groups

There are no results to display.

Categories

  • Free
    • Ebook
    • Tools
    • Scripts
  • Points
    • Ebook
    • Tools
    • Scripts
  • VIP
    • Ebook
    • Tools
    • Scripts

Categories

  • Learn
    • Learning Request
  • Teach
    • Teacher Room
    • Classroom
  • Challenges
    • CTF
    • Team VS Team
    • Community Challenge

Project

  • Capture The Flag
  • Web Challenges
  • System Challenges
  • Network Challenges
  • Crypto Challenges

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Birth date

Between and

Experience in years


Your ambitions


Your Favorite domains

Found 1 result

  1. Ichinose

    CVE-2019-14287 sudo vulnerability

    What is the sudo vulnerability ? So the Sudo vulnerability (CVE-2019-14287), is pretty known. But what it is exactly ? as we all know the sudo command can be use to execute command as root (not all command), and if a user is configured as "$USER $HOSTNAME=(ALL, !root) ALL" (it basically mean that the user can run any command with all user but not with the root user) in the sudoers file in /etc/ or by writing "sudo visudo", btw it's the most secure way to access to the /etc/sudoers file, this user can use the sudo command as an other user with the "-u... " parameter. And here is the vulnerability, all user can by default see the /etc/passwd file which content all the user and their UID (user's id) on the 3rd separator ":" so with those information we can know exploit it. what can you do by exploiting this vulnerability: -bypass root password to execute arbitrary command. -bypass command restriction, (e.g: if a user is configured as "sergent ALL=(ALL, !root) /usr/bin/passwd" in the sudoers file, he can still change he's password + as root). How to exploit this vulnerability ? To see if the target is vulnerable check the Sudo version (sudo -V | grep -i "sudo version"), if the version is under 1.8.28, the target is vulnerable. to exploit it, you have to use the "sudo" command with an invalid user, if you write "sudo -uinvaliduser cat /etc/shadow" it will print you an error, so that's why we use the UID, if now we write "sudo -u#-1 cat /etc/shadow" there is no user with the UID -1 it will let us execute the cat command because the user -1 is invalid. How to prevent/fix it ? The most common way to fix it is to upgrade sudo with a basic "sudo apt-get update && sudo apt-get upgrade". But if when you use sudo -V | grep -i "sudo version" you still see a version lower than 1.8.28 try sudo apt-get upgrade sudo. Last (hypothetical) option is to configure the user like that "$USER $HOSTNAME=(ALL, !root) ALL, !/usr/bin/sudo" but like that the user won't be able to use sudo anymore. leave a like it buddy
×