Monthly Archives: October 2019

Sudo <1.8.28 CVE-2019-14287 Exploit Demo

October 17, 2019

Exploiting Sudo 1.8.27

The following brief is a quick demonstration of the issue faced by cve-2019-14287. This issue is presented when the user is allowed to run a specified command as any user other than the root user account, specified as !root in the /etc/sudoers file; the following screenshots demonstrate how this logic is bypa…   [...]


SMB LFI allow_url_include & allow_url_fopen

October 13, 2019

SMB LFI Exploitation

The following outlines a very short overview of LFI using SMB in form of a crib sheet.
Install Samba: apt-get install samba
Remove default Samba config: rm -f …