8/28/2023

CVE-2019-14287 exploit

Anyone who has used Linux long enough is familiar with sudo. Short for superuser do (or substitute user do, depending on who you ask), it allows users to run commands as either root or another user on the system. From a hacker's point of view, sudo is often all that stands between them and root access. We'll be exploring an older vulnerability in sudo that allows a user to run commands as root.

Sudo is a command-line utility used on nearly every Linux system that allows admins to give specific users or groups the ability to run commands as root, or in some cases, other users.

A vulnerability (CVE-2019-14287) published in October 2019 allowed users to execute commands as root on systems that explicitly deny root access but allow the user to run commands as another user. The issue arose from the way sudo treats certain user ID numbers, incorrectly interpreting them as the ID of root.

Sudo versions before 1.8.28 are affected (it was patched fairly quickly after its discovery), so older versions should be upgraded as soon as possible. To check if your version is vulnerable, simply run sudo with the -V switch to display the current version:

```
~# sudo -V
```

While the specific sudo configuration this bug requires isn't the most common, it is certainly not unheard of, so it's important to know how the bug works and to upgrade if your sudo version is vulnerable. To update it, just use the following command (it may take a while).

We will be testing this vulnerability out on Kali Linux with sudo version 1.8.27.

To get started, let's create a demo user we can test this out on. Use the useradd command followed by the name of our new user:

```
~# useradd testuser
```

Next, we need to add a password for our newly created user. Use the passwd command, which will prompt for a new password:

```
~# passwd testuser
```

Now, if we look at the /etc/passwd file, which lists all users on the system and their relevant information, we can see our new user at the bottom:

```
~# cat /etc/passwd
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
testuser:x:1000:1000::/home/testuser:/bin/sh
```

Step 2: Configure Sudo

The next thing we need to do is configure sudo privileges for our new user; we can do that with the visudo command:

```
~# visudo
# This file MUST be edited with the 'visudo' command as root.
# Please consider adding local content in /etc/sudoers.d/ instead of
# See the man page for details on how to write a sudoers file.
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Allow members of group sudo to execute any command
# See sudoers(5) for more information on "#include" directives:
```

That will allow us to properly edit the /etc/sudoers file. This is basically a vi session, so we must press i to enter insert mode. Then, add a new line for our user under the "User privilege specification" heading:

```
# User privilege specification
```

Basically, the line is saying our new user can run the vi command as any other user except root. Now press Escape to exit insert mode and go back to command mode, and enter :wq to write to the file and quit. The sudoers file should now look like this:

```
~# cat /etc/sudoers
```

Let's switch to our new user; use the su command to do so:

```
~# su - testuser
su: warning: cannot change directory to /home/testuser: No such file or directory
```

If we run the whoami command, it will clearly show that we are the new user:

```
$ whoami
```

Sudo allows us to run commands as another user with the -u switch. Specify the user and the command to run, for example, chmod:

```
$ sudo -u testuser chmod --version
Sorry, user testuser is not allowed to execute '/bin/chmod --version' as testuser on drd.
```

We can see that it doesn't let us run that command, because it wasn't specified in the sudoers file. But if we run the vi command, which was specified, it works:

```
$ sudo -u testuser vi --version
```

Instead of running a command as another user by name, we can also do it using the numerical ID. If you recall from earlier, the ID is part of the line added in the passwd file:

```
testuser:x:1000:1000::/home/testuser:/bin/sh
```

We can also use the id command to see this:

```
$ id
```

Using the numerical ID, let's try to run the chmod command like we did earlier:

```
$ sudo -u#1000 chmod --version
```

And it still doesn't work. But when we run the command we are allowed to, it works just the same:

```
$ sudo -u#1000 vi --version
```
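To check a host for the two conditions this article describes (a sudo version before 1.8.28, and a sudoers rule that lets a user run commands as any user except root), an audit script along these lines can help. It is an added example, not part of the original article: the sample `sudo -V` output, the sample sudoers lines and all function names are constructed for illustration, and it assumes rules are written directly in the file without Runas_Alias or include expansion.

```python
import re

FIXED = (1, 8, 28)  # first fixed release, per the article
RUNAS = re.compile(r"=\s*\(([^)]*)\)")  # Runas spec, e.g. =(ALL, !root)

# Constructed sample inputs (not taken from a real host).
SAMPLE_VERSION = "Sudo version 1.8.27\nSudoers policy plugin version 1.8.27\n"
SAMPLE_SUDOERS = """\
# User privilege specification
root      ALL=(ALL:ALL) ALL
testuser  ALL=(ALL, !root) /usr/bin/vi
backup    ALL=(ALL, !#0 : ALL) /usr/bin/rsync
deploy    ALL=(www-data) /usr/bin/systemctl restart app
%sudo     ALL=(ALL:ALL) ALL
"""

def parse_version(text):
    """Extract (major, minor, patch) from `sudo -V` output."""
    m = re.search(r"[Ss]udo version (\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no sudo version found")
    return tuple(int(p) for p in m.groups())

def risky_rules(sudoers_text):
    """Return (line_no, line) for rules that allow ALL users but exclude root."""
    hits = []
    for no, raw in enumerate(sudoers_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # comments and #include lines
            continue
        for spec in RUNAS.findall(line):
            # The user list precedes an optional ":group" part of the spec.
            users = [u.strip() for u in spec.split(":", 1)[0].split(",")]
            if "ALL" in users and any(u in ("!root", "!#0") for u in users):
                hits.append((no, line))
                break
    return hits

def audit(version_text, sudoers_text):
    """Combine both checks; 'exposed' means old sudo AND a matching rule."""
    version = parse_version(version_text)
    rules = risky_rules(sudoers_text)
    old = version < FIXED
    return {"version": version, "needs_upgrade": old,
            "rules": rules, "exposed": old and bool(rules)}

if __name__ == "__main__":
    print(audit(SAMPLE_VERSION, SAMPLE_SUDOERS))
```

On a real system, feed it the output of `sudo -V` and the contents of /etc/sudoers plus any files under /etc/sudoers.d/.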