
Room: https://tryhackme.com/room/sudovulnsbof
Focus: Exploiting CVE-2019-18634 in the Unix Sudo Program
Task 1: Deploy
SSH into the deployed machine on port 4444 with the following credentials:
- Username: tryhackme
- Password: tryhackme
Example command (Linux):
ssh -p 4444 tryhackme@<MACHINE_IP>
Task 2: Buffer Overflow
What is a Buffer Overflow?
A buffer overflow occurs when the amount of data written to a buffer exceeds its storage capacity. The excess data spills into adjacent memory, corrupting or overwriting data and potentially allowing code execution.
What is CVE-2019-18634?
This vulnerability is a heap-based buffer overflow in sudo versions ≤1.8.30 when pwfeedback is enabled. It allows privilege escalation to root.
Step 1: Check Sudo Version
Run sudo -V to check the installed version. The target system is running a vulnerable version (≤1.8.30).
Step 2: Check if pwfeedback is Enabled
Option 1: Check the sudoers configuration file:
cat /etc/sudoers
Tip (if /etc/sudoers is not accessible): when running a sudo command, if asterisks (****) appear as you type your password, pwfeedback is likely enabled.
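The two checks in Steps 1 and 2 (sudo version and the pwfeedback option) can be scripted as a small audit, and the same script shows the configuration change that removes the precondition. This is an added example, not code from the room or from the linked exploit repository; the function names are mine, the sample sudo -V line and sudoers fragment are constructed so it runs without root or a target machine, and the 1.8.30 cut-off is the one the room gives (the fix shipped in sudo 1.8.31).

```shell
#!/bin/sh
# Audit helper for the two preconditions of CVE-2019-18634 as described in this
# room: sudo version <= 1.8.30 and pwfeedback enabled in sudoers. All helper
# names are mine; the sample inputs at the bottom are constructed.

# Extract the dotted version ("1.8.21") from the first line of `sudo -V`
# ("Sudo version 1.8.21p2"); the "pN" patch suffix is dropped.
parse_sudo_version() {
    printf '%s\n' "$1" | sed -n 's/^Sudo version \([0-9][0-9.]*\).*/\1/p'
}

# Succeed (exit 0) when the dotted version is <= 1.8.30, comparing the numeric
# fields in order; a missing minor or patch field counts as 0.
version_in_affected_range() {
    maj=$(printf '%s' "$1" | cut -d. -f1)
    min=$(printf '%s' "$1" | cut -s -d. -f2)
    pat=$(printf '%s' "$1" | cut -s -d. -f3)
    [ -n "$min" ] || min=0
    [ -n "$pat" ] || pat=0
    if   [ "$maj" -ne 1 ]; then [ "$maj" -lt 1 ]
    elif [ "$min" -ne 8 ]; then [ "$min" -lt 8 ]
    else [ "$pat" -le 30 ]
    fi
}

# Succeed when a non-comment Defaults line turns pwfeedback on. The negated
# form (Defaults !pwfeedback) and commented-out lines are deliberately not
# matched, since neither enables the option.
pwfeedback_enabled() {
    printf '%s\n' "$1" |
        grep -Eq '^[[:space:]]*Defaults[^#]*[[:space:],]pwfeedback([[:space:],]|$)'
}

# Emit the sudoers text with every enabling occurrence rewritten to the negated
# form, which is valid sudoers syntax and closes the precondition. Upgrading
# sudo is the other half of the fix; this only removes the trigger.
remediate_sudoers() {
    printf '%s\n' "$1" |
        sed -E 's/^([[:space:]]*Defaults[^#]*[[:space:],])pwfeedback([[:space:],]|$)/\1!pwfeedback\2/'
}

# Combine both checks: print a one-line verdict and succeed only when both
# preconditions hold (the state the room goes on to exploit).
audit_sudo() {
    ver=$(parse_sudo_version "$1")
    if [ -z "$ver" ]; then
        echo "could not parse sudo version from: $1"
        return 2
    fi
    if version_in_affected_range "$ver" && pwfeedback_enabled "$2"; then
        echo "VULNERABLE: sudo $ver with pwfeedback enabled (upgrade sudo, set Defaults !pwfeedback)"
        return 0
    fi
    echo "not exposed to CVE-2019-18634: sudo $ver, pwfeedback $(pwfeedback_enabled "$2" && echo on || echo off)"
    return 1
}

# Constructed sample inputs standing in for `sudo -V | head -n 1` and /etc/sudoers.
SAMPLE_VERSION_LINE='Sudo version 1.8.21p2'
SAMPLE_SUDOERS='# constructed sudoers fragment
Defaults env_reset
Defaults pwfeedback
root ALL=(ALL:ALL) ALL'

audit_sudo "$SAMPLE_VERSION_LINE" "$SAMPLE_SUDOERS"
echo "--- remediated fragment ---"
remediate_sudoers "$SAMPLE_SUDOERS"
```

Against a real host, replace the constructed values with `audit_sudo "$(sudo -V | head -n 1)" "$(cat /etc/sudoers)"`; reading /etc/sudoers needs root, which is exactly why the asterisk tip above exists for an unprivileged shell. The regexes only inspect Defaults lines, so an include directory (#includedir) would have to be audited file by file the same way.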
Step 3: Exploit the Vulnerability
Use the following exploit, written in C, to escalate privileges.
GitHub repository: https://github.com/saleemrashid/sudo-cve-2019-18634
Alternatively, the exploit code is already present on the target machine.
Step 4: Capture the Flag
After successful exploitation, grab the root flag.
Conclusion
In this room, we explored a real-world privilege escalation vulnerability in sudo. We confirmed the version, verified that pwfeedback was enabled, and executed a working proof-of-concept to gain root access. This is a great example of how minor misconfigurations can result in severe security flaws.