Sudo Buffer Overflow ~ TryHackMe
You can access the room through this link: https://tryhackme.com/room/sudovulnsbof
Sudo Buffer Overflow
A tutorial room exploring CVE-2019-18634 in the Unix sudo program.
Task 1: Deploy
SSH into the machine you deployed earlier, using port 4444.
The credentials are:
Username: tryhackme
Password: tryhackme
If you're using Linux, the command will look like this:
ssh -p 4444 tryhackme@ip_of_deploy_machine
Task 2: Buffer Overflow
The first question that comes to mind is: what is a buffer overflow? Also known as a buffer overrun, a buffer overflow occurs when the amount of data written to a buffer exceeds its storage capacity. The extra data spills into adjacent memory locations and corrupts or overwrites the data stored there.
The second question is: what is CVE-2019-18634? It is a heap-based buffer overflow in sudo versions <= 1.8.30 that leads to privilege escalation if the pwfeedback option is enabled.
Now that we know what it is, it's time to exploit it!
First, we check the sudo version on the machine:
The version is <= 1.8.30, so next we have to check whether pwfeedback is enabled. We will use this command to check:
cat /etc/sudoers
Let's run it on our room machine:
Tip: if we do not have access to the sudoers file, we can instead try to become the superuser with sudo. If asterisks (****) are echoed while we type the password, pwfeedback is enabled.
Now we have confirmed that pwfeedback is enabled.
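As an added example (not the room's own code), here is a small POSIX sh audit helper that automates the two checks above: whether the installed sudo is in the affected range and whether the sudoers policy enables pwfeedback. The version string and the sample sudoers text are constructed inputs; on a real host you would feed it the output of sudo -V and the contents of /etc/sudoers and /etc/sudoers.d/*.

```shell
#!/bin/sh
# Audit helper for CVE-2019-18634 (added example, not the room's own code).
# Exposure needs both: sudo in the affected range (<= 1.8.30, as stated above)
# and "Defaults pwfeedback" set in the sudoers policy.
# Returns 0 when sudo version $1 (e.g. "1.8.21p2") is <= 1.8.30.
sudo_version_affected() {
    ver=$(printf '%s\n' "$1" | sed 's/p[0-9]*$//')   # drop the "pN" patch suffix
    major=$(printf '%s\n' "$ver" | cut -d. -f1)
    minor=$(printf '%s\n' "$ver" | cut -d. -f2)
    patch=$(printf '%s\n' "$ver" | cut -d. -f3)
    [ -z "$patch" ] && patch=0
    [ "$major" -lt 1 ] && return 0
    [ "$major" -gt 1 ] && return 1
    [ "$minor" -lt 8 ] && return 0
    [ "$minor" -gt 8 ] && return 1
    [ "$patch" -le 30 ]
}
# Reads sudoers text on stdin; returns 0 when pwfeedback ends up enabled.
# Later Defaults lines override earlier ones and "!pwfeedback" turns it off.
# Per-user/host forms (Defaults:user, Defaults@host) are treated as global here.
pwfeedback_enabled() {
    awk '
        /^[ \t]*#/ { next }                 # skip comments and #include lines
        /^[ \t]*Defaults/ {
            n = split($0, f, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                if (f[i] == "pwfeedback")  on = 1
                if (f[i] == "!pwfeedback") on = 0
            }
        }
        END { exit (on ? 0 : 1) }'
}
# $1 = sudo version, sudoers text on stdin; returns 0 when both conditions hold.
cve_2019_18634_exposed() {
    sudo_version_affected "$1" || return 1
    pwfeedback_enabled
}
# Constructed sample policy with pwfeedback switched on, like the room machine.
SAMPLE_SUDOERS='Defaults env_reset
Defaults pwfeedback
Defaults mail_badpass
root ALL=(ALL:ALL) ALL'
# Live host: version from "sudo -V | head -n1 | awk '{print $3}'", policy from
# "cat /etc/sudoers /etc/sudoers.d/*" (reading those files needs root).
if printf '%s\n' "$SAMPLE_SUDOERS" | cve_2019_18634_exposed "1.8.21p2"; then
    echo "exposed: set 'Defaults !pwfeedback' or upgrade sudo past 1.8.30"
else
    echo "not exposed"
fi
```

The fix on a host you cannot upgrade immediately is the `Defaults !pwfeedback` line the script recommends; it removes the condition the overflow depends on.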
It's time for my favorite part: let's exploit!
We will use the C code below, from GitHub, to get root access.
The same code is already available on our room machine:
Now it's time to get the flag.
We are done! Great job everyone.