Innogen security

RECENT BLOG

Posted in Uncategorized

Exploiting Sudo 1.8.27

The following brief is a quick demonstration of the issue tracked as CVE-2019-14287.

The issue arises when a user is allowed to run a specified command as any user other than the root account, which is written as !root in the /etc/sudoers file. The following screenshots demonstrate how this logic is bypassed.

 

Sudo Version

Checking the sudo version:

As we can see here, the version is below the patched version of 1.8.28.

 

Sudoers File Example

The following screenshot shows a basic sudoers configuration in order to test this flaw:

As we can see here, my user can execute screen as any other user with the exception of root.

Displaying the current user ID and sudo privileges

The following outlines the current user ID, groups and sudo permissions based on the above /etc/sudoers config:

 

Trigger flaw

By adding a hash and minus 1 after the -u option in sudo, we are able to exploit the flaw and execute the configured command as root:

 

At this point we enter screen as the root user and can execute root commands, such as viewing the shadow file that was previously denied to us:

As seen, this is a very dangerous flaw wherever a sudoers configuration uses the !someuser exclusion in a rule.

The best thing to do at this point is run the following command:

apt-get upgrade sudo
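To find hosts that meet both conditions described above (a sudo version below 1.8.28 and a sudoers rule that excludes a user with "!"), the following audit helper can be run. It is an added example, not part of the original post; the sample users, groups and paths are constructed, and it assumes one sudoers rule per line with no backslash continuations.

```shell
#!/usr/bin/env bash
# Added example: defensive audit for the CVE-2019-14287 precondition.

# Exit 0 if upstream sudo version $1 is below 1.8.28, 1 if not, 2 if unparsable.
sudo_version_vulnerable() {
    v=${1%%[!0-9.]*}                     # "1.8.27p1" -> "1.8.27"
    [ -n "$v" ] || return 2
    old_ifs=$IFS; IFS=.
    set -- $v                            # split on dots into $1 $2 $3
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    [ "$major" -lt 1 ] && return 0
    [ "$major" -gt 1 ] && return 1
    [ "$minor" -lt 8 ] && return 0
    [ "$minor" -gt 8 ] && return 1
    [ "$patch" -lt 28 ]
}

# Read sudoers text on stdin and print every rule or Runas_Alias whose
# run-as user list combines ALL with a "!" exclusion such as !root.
risky_runas_rules() {
    awk '
        /^[ \t]*(#|$)/ { next }                       # comments, blank lines
        {
            list = ""
            if ($0 ~ /^[ \t]*Runas_Alias[ \t]/) {     # alias body follows "="
                list = $0; sub(/^[^=]*=/, "", list)
            } else if (match($0, /\([^)]*\)/)) {      # "(users : groups)"
                list = substr($0, RSTART + 1, RLENGTH - 2)
                sub(/:.*/, "", list)                  # keep the user part only
            }
            if (list ~ /(^|[ \t,])ALL([ \t,]|$)/ && list ~ /!/) print
        }'
}

# Constructed sample input (hypothetical users and paths, not from the post).
sample_sudoers() {
    cat <<'EOF'
# constructed sudoers sample
Runas_Alias NOTROOT = ALL, !root
alice  ALL=(ALL, !root) /usr/bin/screen
%ops   ALL=(ALL,!#0) NOPASSWD: /usr/bin/id
bob    ALL=(ALL) ALL
carol  ALL=(www-data) /usr/bin/systemctl
EOF
}

# On a real host (as root): cat /etc/sudoers /etc/sudoers.d/* | risky_runas_rules
#                           sudo_version_vulnerable "$(sudo -V | awk 'NR==1{print $3}')"
sample_sudoers | risky_runas_rules
```

Distribution packages can carry the fix under an older upstream version string, so treat the version check as a hint and confirm against the distribution's advisory.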

Happy hacking

 


17 Oct 2019
