Baron Samedit Tryhackme Writeup. This is a Writeup of Tryhackme room… | by Shamsher khan | Apr, 2021
Room link: https://tryhackme.com/room/sudovulnssamedit
Note: This room is free
In January 2021, Qualys released a blog post detailing a terrifying new vulnerability in the Unix sudo program.
Specifically, this was a heap buffer overflow allowing any user to escalate privileges to root — no misconfigurations required. This exploit works with the default settings, for any user regardless of sudo permissions, which makes it all the scarier. The vulnerability has been patched, but affects any unpatched version of the sudo program from 1.8.2–1.8.31p2 and 1.9.0–1.9.5p1, meaning that it’s been around for the last ten years.
The program was very quickly patched (with patched versions making their way into repositories soon after), so this exploit will no longer work on up-to-date targets; however, it is still incredibly powerful.
As with CVE-2019–18634 (which we saw in the second sudovulns room), this vulnerability is a buffer overflow in the sudo program; however, this time the vulnerability is a heap buffer overflow, as opposed to the stack buffer overflow we saw before. The stack is a very regimented section of memory which stores various important aspects of a program. The heap, on the other hand, is reserved for dynamic allocation of memory, allowing for more flexibility in how values and constructs are created and accessed by a program. As with the previous room, we will not go into a huge amount of detail about how this works in the interests of keeping the content beginner friendly. All we really need to understand is that this vulnerability is incredibly powerful, and extremely wide-reaching
login over SSH using these credentials:
- Username: tryhackme
- Password: tryhackme
The command will be:
ssh tryhackme@10.10.231.160
Question 1. After compiling the exploit, what is the name of the executable created
Answer: sudo-hax-me-a-sandwich
now let’s run exploit
You can find me on:
LinkedIn:- https://www.linkedin.com/in/shamsher-khan-651a35162/
Twitter:- https://twitter.com/shamsherkhannn
Tryhackme:- https://tryhackme.com/p/Shamsher
You can find me on:
LinkedIn:- https://www.linkedin.com/in/shamsher-khan-651a35162/
Twitter:- https://twitter.com/shamsherkhannn
Tryhackme:- https://tryhackme.com/p/Shamsher