- For new users read this
- for new users thank you to post in introduction and answer "Accept" on the topic of the rules to have access to the integrity of the forum and receive your Exploit-Code
- The challenges board is being developed you are likely to encounter some bugs if this is the case report to an administrator.
Search the Community
Showing results for tags 'sudo vulnerability'.
Found 1 result
What is the sudo vulnerability ? So the Sudo vulnerability (CVE-2019-14287), is pretty known. But what it is exactly ? as we all know the sudo command can be use to execute command as root (not all command), and if a user is configured as "$USER $HOSTNAME=(ALL, !root) ALL" (it basically mean that the user can run any command with all user but not with the root user) in the sudoers file in /etc/ or by writing "sudo visudo", btw it's the most secure way to access to the /etc/sudoers file, this user can use the sudo command as an other user with the "-u... " parameter. And here is the vulnerability, all user can by default see the /etc/passwd file which content all the user and their UID (user's id) on the 3rd separator ":" so with those information we can know exploit it. what can you do by exploiting this vulnerability: -bypass root password to execute arbitrary command. -bypass command restriction, (e.g: if a user is configured as "sergent ALL=(ALL, !root) /usr/bin/passwd" in the sudoers file, he can still change he's password + as root). How to exploit this vulnerability ? To see if the target is vulnerable check the Sudo version (sudo -V | grep -i "sudo version"), if the version is under 1.8.28, the target is vulnerable. to exploit it, you have to use the "sudo" command with an invalid user, if you write "sudo -uinvaliduser cat /etc/shadow" it will print you an error, so that's why we use the UID, if now we write "sudo -u#-1 cat /etc/shadow" there is no user with the UID -1 it will let us execute the cat command because the user -1 is invalid. How to prevent/fix it ? The most common way to fix it is to upgrade sudo with a basic "sudo apt-get update && sudo apt-get upgrade". But if when you use sudo -V | grep -i "sudo version" you still see a version lower than 1.8.28 try sudo apt-get upgrade sudo. Last (hypothetical) option is to configure the user like that "$USER $HOSTNAME=(ALL, !root) ALL, !/usr/bin/sudo" but like that the user won't be able to use sudo anymore. leave a like it buddy