The following brief is a quick demonstration of the issue faced by cve-2019-14287.
This issue is presented when the user is allowed to run a specified command as any user other than the root user account, specified as !root in the /etc/sudoers file; the following screenshots demonstrate how this logic is bypassed.
Checking the sudo version:
As we can see here the version is below the patched version of 1.8.28.
The following screenshot shows a basic sudoers configuration in order to test this flaw:
As we can see here my user can execute screen as any other user with the exception of root.
Displaying the current user id and sudo privs
The following is just outlining the current user id/groups and sudo permissions based on the above /etc/sudoers config
By adding a hash and minus 1 after the -u command in sudo we are able to exploit the flaw and execute the configured command as root:
At this point we now enter screen as a root user and can now execute root commands such as viewing the shadow file that was previously denied to us:
As seen this is a very dangerous flaw where configurations allow the !someuser prefix in the sudoers command.
The best thing to do at this point is run the following command:
apt-get upgrade sudo
Exploiting Sudo 1.8.27 The following brief is a quick demonstration of the issue faced by cve-2019-14287. This issue is presented when the user is allowed to run a specified command as any user other than the root user account, specified …
SMB LFI Exploitation The following outlines a very short overview of LFI using SMB in form of a crib sheet. Install Samba: apt-get install samba Remove default Samba config: rm -f /etc/samba/smb.conf Create New smb.conf: vi /etc/samba/smb.conf The following config …
Linux reverse shell without python. During a recent application exploit into an interactive shell the typical path to spawn a reverse shell and upgrade it to tty was sought. It was found that the go to technologies such as python, …