CVE-2019-14287

Published: 17/10/2019 Updated: 07/11/2023
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 818
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

In Sudo prior to 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.

Vulnerable Product

sudo project sudo

fedoraproject fedora 29

fedoraproject fedora 30

fedoraproject fedora 31

debian debian linux 8.0

debian debian linux 9.0

debian debian linux 10.0

opensuse leap 15.0

opensuse leap 15.1

canonical ubuntu linux 16.04

canonical ubuntu linux 12.04

canonical ubuntu linux 18.04

canonical ubuntu linux 19.04

canonical ubuntu linux 14.04

netapp element software management node -

redhat enterprise linux desktop 7.0

redhat enterprise linux server 5.0

redhat enterprise linux server aus 7.2

redhat enterprise linux workstation 7.0

redhat enterprise linux server tus 7.2

redhat enterprise linux server 7.0

redhat enterprise linux server aus 6.6

redhat enterprise linux server aus 6.5

redhat enterprise linux desktop 6.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

redhat enterprise linux server tus 7.3

redhat enterprise linux server aus 7.3

redhat enterprise linux server aus 7.4

redhat enterprise linux server tus 7.4

redhat enterprise linux eus 7.5

redhat virtualization 4.2

redhat enterprise linux server tus 7.6

redhat enterprise linux server aus 7.6

redhat enterprise linux eus 7.6

redhat enterprise linux 8.0

redhat enterprise linux server aus 7.7

redhat enterprise linux server tus 7.7

redhat enterprise linux eus 7.7

redhat openshift container platform 4.1

redhat enterprise linux eus 8.1

redhat enterprise linux eus 8.2

redhat enterprise linux server tus 8.2

redhat enterprise linux server aus 8.2

redhat enterprise linux server tus 8.4

redhat enterprise linux eus 8.4

redhat enterprise linux server aus 8.4

Vendor Advisories

Sudo could be made to run commands as root if it is called with a specially crafted user ID ...
Debian Bug report logs - #942322 sudo: CVE-2019-14287: Potential bypass of Runas user restrictions Package: src:sudo; Maintainer for src:sudo is Bdale Garbee <bdale@gagcom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 14 Oct 2019 14:57:02 UTC Severity: grave Tags: security, upstream Found in ve ...
Joe Vennix discovered that sudo, a program designed to provide limited super user privileges to specific users, when configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, allows to run commands as root by specifying the user ID -1 or 4294967295. This could allow a user with sufficient sudo pri ...
When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295. This can be used by a user with sufficient sudo privileges to run commands as root even if the Runas specification explicitly disallows root acc ...
Synopsis: Important: sudo security update. Type/Severity: Security Advisory: Important. Topic: An update for sudo is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis: Important: sudo security update. Type/Severity: Security Advisory: Important. Topic: An update for sudo is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutio ...
Synopsis: Important: OpenShift Container Platform 4.2.5 machine-os-content-container security update. Type/Severity: Security Advisory: Important. Topic: An update for machine-os-content-container is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as havi ...
Synopsis: Important: sudo security update. Type/Severity: Security Advisory: Important. Topic: An update for sudo is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutio ...
Synopsis: Important: sudo security update. Type/Severity: Security Advisory: Important. Topic: An update for sudo is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis: Important: sudo security update. Type/Severity: Security Advisory: Important. Topic: An update for sudo is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syst ...
Synopsis: Important: sudo security update. Type/Severity: Security Advisory: Important. Topic: An update for sudo is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis: Important: OpenShift Container Platform 4.1.24 machine-os-content-container security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 4.1.24 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Pr ...
Synopsis: Important: sudo security update. Type/Severity: Security Advisory: Important. Topic: An update for sudo is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutio ...
Synopsis: Important: sudo security update. Type/Severity: Security Advisory: Important. Topic: An update for sudo is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis: Important: sudo security update. Type/Severity: Security Advisory: Important. Topic: An update for sudo is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Sco ...
Synopsis: Important: sudo security update. Type/Severity: Security Advisory: Important. Topic: An update for sudo is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis: Important: sudo security update. Type/Severity: Security Advisory: Important. Topic: An update for sudo is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis: Important: sudo security update. Type/Severity: Security Advisory: Important. Topic: An update for sudo is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which ...
A flaw was found in the way sudo implemented running commands with arbitrary user ID. If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction ...

Mailing Lists

oss-sec mailing list archives: Re: Sudo: CVE-2019-14287 From: "Todd C Miller" <ToddMiller () sudo ...
oss-sec mailing list archives: Re: Oracle Solaris membership in the distros list From: Alan Coopersmit ...

Github Repositories

Linux Privilege Escalation Cheat Sheet Initial Enumeration System Enumeration hostname uname -a cat /proc/version cat /etc/issue lscpu Process Enumeration ps aux ps aux | grep root User Enumeration whoami id sudo -l cat /etc/passwd cat /etc/passwd | cut -d : -f 1 cat /etc/shadow cat /etc/group

Under construction

Memo for CTFs, HTB and the like nmap Scan of all ports (takes time) sudo nmap -sS -Pn -p- IP With -sV -A it also retrieves version information and so on (the specified ports are ones that seem worth checking) nmap -sV -n -Pn -A -p 21-25,35,43,53,69,80-88,107-110,115,118,123,137-139,143,156,161-162,220,384,389,443-445,465,514,530,543-544,591,593,63

Linux_Priviledge_Escalation By Shivani Bhavsar You got everything about Escalating Linux Privilege Overview How to enumerate linux systems manually as well as with tools Privilege Escalation Techniques: Kernel Exploits Password Hunting File Permissions Sudo Shell Escaping intended functionality, LD_PRELOAD CVE-2019-14287 CVE-2019-18634 SUID Shared Object Injectio

Compilation of Resources for TCM's Linux Privilege Escalation course

Linux-Privilege-Escalation-Resources Compilation of Resources for TCM's Linux Privilege Escalation course General Links TCM Website: wwwthecybermentorcom/ TCM-Sec: tcm-seccom/ Course: wwwudemycom/course/linux-privilege-escalation-for-beginners/ (udemy) academytcm-seccom/p/linux-privilege-escalation (tcm academy) Twitch: www

cve_exploits CVE-2019-14287 (Sudoers privilege escalation) On target launch next command to get root shell sudo -lu#-1 /bin/bash CVE-2019-11043 (Nginx + PHP-FPM buffer overflow) Use Metasploit exploit(multi/http/php_fpm_rce) RHOST=TARGET_IP RPORT=TARGET_PORT TARGETURI=/target_vulnerable_filephp CVE-1999-0527 (FTP server with world writable directories) Anonymous

THM easy CTF

Agent Sudo WriteUp (Tryhackme) by yag1n3 First Steps thanks to the ICMP TTL we know it's a Linux Machine nmap p21 vsftpd 303 p22 OpenSSH 76p1 Ubuntu p80 Apache httpd 2429 ((Ubuntu)) Web as soon as we enter the website, someone called Agent R tells us that if you wanna enter the website you have to use your codename as user-agent we understand that user-agent is the

This is a container built for demonstration purposes that has a version of the sudo command which is vulnerable to CVE-2019-14287

CVE-2019-14287 Demo Container This is a container built for demonstration purposes that has a version of the sudo command which is vulnerable to CVE-2019-14287 (wwwsudows/alerts/minus_1_uidhtml) This container can be run with: docker run -ti cashwilliams/cve-2019-14287-demo Configuration The container has three real users: root alice bob The alice user is configur

HackTheBox Linux Bashed [ PHP Bash, Scheduled task ] Popcorn [ Image upload vulnerability, MOTD File Tampering ] Celestial [ Node deserialization attack, Scheduled task, syslogs ] Nibbles [ Image upload,Default creds opensource/git sudoer sudoer file ] Cronos [ dig DNS,command injection Scheduled task laravel PHP ] Lame [ smb 302 usermapscript command execution ]

Linux-Privilege-Escalation Compilation of Resources for Linux Privilege Escalation course General Links Course: wwwudemycom/course/linux-privilege-escalation-for-beginners/ (udemy) academytcm-seccom/p/linux-privilege-escalation (tcm academy) TryHackMe: tryhackmecom/ LinuxPrivEscArena: tryhackmecom/roo

Automated -configuring a vulnerable system with CVE of my choice using Ansible and demonstrating the attack on that machine

AttackDefendExercise Automated -configuring a vulnerable system with CVE of my choice using Ansible and demonstrating the attack on that machine CVE-2019-14287- Sudo Privilege Escalation Vulnerability Pre Configuration SSH must be installed and enabled sudo apt install ansible sudo apt install openssh-server sudo systemctl status ssh sudo ufw allow ssh Installing Ansible

Common CTF References Kali box setup tryhackme virtual box do not have pip installed sudo apt install python3-pip install gobuster as well sudo apt-get install gobuster Install webapplyzer browser add on Setup Burpsuite and foxyproxy download impacket git clone githubcom/SecureAuthCorp

Zero2H4x0r This is not meant to serve as an exhaustive summary of the content presented by Heath Adams in the Practical Ethical Hacking Course Rather, it's a compilation of my personal notes and reflections from my pursuit of obtaining my PNPT I typically maintain my notes locally within my Obsidian vault and periodically upload them here in batches While these notes ma

Sudo exploit

CVE-2019-14287 A script to check for the sudo security bypass (CVE-2019-14287) This script checks for a vulnerable sudo version and tries to exploit it It can run alone or can be integrated into an enumeration scanner like LinEnumsh

Penetration-Testing-2 DC CyberSecurity Group Penetration Test Report Rekall Corporation Penetration Test Report Confidentiality Statement This document contains confidential and privileged information from Rekall Inc (henceforth known as Rekall) The information contained in this document is confidential and may constitute inside or n

PrivEsc Script

[R00tX V12] PrivEsc Enumeration Script Features Checks if vulnerable to SUDO exploit CVE-2019-14287 if yes generates root shell Checks if Root account has No password set Checks current user permissions Checks SUID binaries Checks for Write Permissions Gets current username Gets Kernel Version Gets OS name and version Checks for any Cronjobs List all users excluding service a

Offensive Security Project

Capture_The_Flag_Offensive_Security Date: Jul 2023 Overview of the Offensive Security Project Participated in a rigorous Capture the Flag (CTF) exercise of a fictive company Rekall Corporation (totalrekallxyz), utilizing advanced offensive security techniques to uncover and exploit vulnerabilities within a simulated organization environment Key Achievements Detected and acted

Project 2-Offensive Security

Project 2 Offensive-security Challenges for Project 2 - Day 1 Flag 1 Category: Easy On the Welcomephp page, enter a reflected XSS payload where it says "Put Your Name Here" The successful payload will make a pop up appear When you close out the pop-up, Flag 1 will appear! Flag 2 Category: Intermediate On the Memory-Plannerphp webpage, the flag will appear if you e

Sudo Security Policy bypass Vulnerability

CVE-2019-14287-IT18030372- Sudo Security Policy bypass Vulnerability

SNP AssIgnMents-2020

SNP SNP AssIgnMents-2020 This report contains information about the CVE-2019-14287 (Sudo vulnerability) Submitted on 12th of May 2020

Local Root vulnerability- CVE-2019-13272 / Security Bypass Vulnerability – CVE-2019-14287/Google Android - 'Stagefright' Remote Code Execution - CVE-2015-1538

vulnerability-exploitation Local Root vulnerability- CVE-2019-13272 / Security Bypass Vulnerability – CVE-2019-14287/Google Android - 'Stagefright' Remote Code Execution - CVE-2015-1538 Absolutely, I always choose Linux vulnerability, but then I had to choose different vulnerability else because I didn't know two people could do the same thing And then Havi

TryHackMe OS Name Keywords CVE Root escalation Description L LFI Basics LFI, log poisoning - - LFI tutorial L Inclusion LFI - sudo + socat LFI challenge L Bounty hacker hydra - sudo + /bin/tar ctf L Brooklyn99 stegcracker - sudo + nano ctf L Gotta catch'em all ctf - - Look for the pokemons in various locations L Joystick ctf, hydra - - ctf L Pickle ric

Local Root vulnerability- CVE-2019-13272 / Security Bypass Vulnerability – CVE-2019-14287

Exploiting-a-Linux-kernel-vulnerability - IT19159140 Local Root vulnerability- CVE-2019-13272 / Security Bypass Vulnerability – CVE-2019-14287 Absolutely, I always choose Linux vulnerability, but then I had to choose different vulnerability else because I didn't know two people could do the same thing And then Having learned of this, I chose a different vulnerability

Be A Red Teamer (Obsidian notebook)

1 Recon quick inventory arsenal wordlist fzf-wordlists find -L /usr/share/wordlists -type f | fzf seclists integrated scanner nmap # Scan all ports, probe versions with the default scripts nmap -n -v -Pn -sS -p- $IP --max-retries=0 nmap -n -v -sC -sV -p $Ports $IP # Find target IPs nmap -sn $IP/24 # TCP|UDP scan of all ports nmap -sT --min-rat

Sudo Vulnerability (CVE-2019-14287) this is demonstration on CVE-2019-14287 vulnerability Here is everything you need to know about the Sudo vulnerability, how it works, and how to handle the vulnerable Sudo component, if you find that you are currently at risk Joomla Account Creation and Privilege Escalation CVE:2016-8869 / 2016-8870 CVE Reference : CVE-2016-8869, CVE-2016-8

Even though user permissions in the sudoer file mentions that it explicitly prevents users running commands as root, the security bypass vulnerability allows the users with Linux systems to execute commands as root. A user which has ALL permissions in the Runas specifications can execute these commands on any or all the users of the system. This …

OHTS ASSIGNMENT AGMalanga Mishad Vishwajith Thilakarathna IT16035836 BSc (Hons) in Information Technology Specializing in Cyber Security Department of Information Technology Sri Lanka Institute of Information Technology Sri Lanka MAY 2020 Table of Contents WHAT IS SUDO? 3 SUDORE FILE 3 How to setup attack 3 Vulnerability details 4 Brief description of vulnerability 4 DEMONST

This repository hosts a comprehensive report on a Capture The Flag (CTF) project conducted on a hypothetical company, Rekall. It details the discovery and exploitation of various vulnerabilities, providing valuable insights into cybersecurity practices and mitigation strategies.

Offensive Security CTF Project Welcome to the Offensive Security CTF Project! This repository contains concise write-ups of Capture The Flag (CTF) challenges conducted on a hypothetical company, Rekall Corporation The challenges focus on three main areas: Web Security, Linux Servers, and Windows Servers Web Application Security CTF In this challenge, we identified and exploit

CVE-2019-14287

Linux-Privilege-Escalation-using-Sudo-Rights CVE-2019-14287

Sudo-Vulnerability-Exploit-CVE-2019-14287 Sudo has been discovered to be unreliable, one of the most significant, powerful, and commonly used utilities installed in almost any Unix and Linux based operating system as a simple command A pseudo security policy bypass flaw that allows arbitrary commands to be executed on a targeted Linux device by a malicious user or application

POC for MITRE ATT&CK Privilege Escalation Tactic - Sudo Technique

Privilege Escalation - Sudo - CVE-2019-14287 This attack is based on the MITRE ATT&CK Privilege Escalation Tactic by using the Sudo Technique It makes use of the misconfiguration in the sudoers file, as described in CVE-2019-14287 Description of the vulnerability This vulnerability allows a non-root user to run commands as root The sudo command can be run alternativ

Sudo Security Bypass (CVE-2019-14287)

Sudo-Security-Bypass-CVE-2019-14287

Scripts to verify and execute CVE-2019-14287 as part of Research

Sudo-CVE-2019-14287 Scripts to verify and execute CVE-2019-14287 as part of Research The scripts are written in Python3 as well as bash as these are the two most common interpreters that can be found in every modern Linux Operating System The scripts can be integrated into enumeration Scanner like Linenumsh

Even though user permissions in the sudoer file mentions that it explicitly prevents users running commands as root, the security bypass vulnerability allows the users with Linux systems to execute commands as root. A user which has ALL permissions in the Runas specifications can execute these commands on any or all the users of the system. This …

WHAT IS SUDO? Sudo, abbreviated for Super User Do, is a program for UNIX and Linux systems that gives the user the permissions needed to run commands and scripts as the root of the system and logs all the commands and arguments A sudo system administrator can: Give permissions for users to run root commands of the system operation Control the commands a user can use of each h

Containerized and deployable use of the CVE-2019-14287 vuln. View README.md for more.

Dockerized CVE-2019-14287 Containerized and deployable use of the CVE-2019-14287 vuln. View README.md for more. This CVE affects all versions of sudo under 1.8.28 where a sudo user can escalate to root by referencing its user ID This Dockerfile allows this CVE to be built, where it can be used for CTF's and demonstrations for example Shoutout to MuirlandOracle for reachi

This is the writeup for the Agent Sudo CTF on TryHackMe!

Agent-Sudo-CTF-Writeup This is the writeup for the Agent Sudo CTF on TryHackMe! tryhackmecom/room/agentsudoctf tags: enumerate, hash cracking, exploit, brute-force ENUMERATION First let's kick things off with some classic nmap scans to get a lay of the land export IP=101024636 export myIP=10132471 nmap -F $IP Next, we'll start another scan in the backg

Pizza Shop About This VM was created by team Eternal Pizza representing Seneca College/Ontario for the CyberSci 2020 Nationals online CTF Challenge Roadmap This VM has 6 challenges totaling 100 points The challenges are split up by their difficulty, as well as the the order of their completion Challenge Difficulty Score Value Find out where the admin of the forum l

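System vulnerability collection Since 2019-10-16

System-Vulnerability Continuously updated collection of useful recent vulnerability EXPs, for authorized penetration testing only Windows --2019920 CVE-2019-0708 Blue Keep Rce --20191120 CVE-2019-1388 UAC privilege escalation --20203 CVE-2020-0796 - SMBv3 poc --20204 CVE-2020-0796 - SMBv3 privilege escalation --20205 Token-stealing privilege escalation for all versions --20206 CVE-2020-0796 - SMBv3 getshell Linux --201911 CVE-2019-14287 sudo privilege escalation --20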

A highly-scalable, ultra portable, hassle free* CTFd back-end focused for use @ UoG

#UoG CTF Introduction The following repo is a personal project, revision tool, as well as a proposed service for University of Gloucestershire Comp Sci students The front-end is from the CTFd platform, however the back-end is entirely implemented with Docker, for ultimate scalability and portability I started this because running a CTF in the Cloud is super expensive (atle

Search for known vulnerabilities in software using software titles or a CPE 2.3 string

search_vulns Search for known vulnerabilities in software using software titles or a CPE 23 string About search_vulns can be used to search for known vulnerabilities in software To achieve this, the tool utilizes a locally built vulnerability database, currently containing CVE information from the National Vulnerability Database (NVD) and exploit information from the Exploit

Privilege Escalation in Sudo-1827 What's sudo? Sudo is a program for Unix-like computer operating systems that enables users to run programs with the security privileges of another user, by default the superuser The vulnerability The sudo vulnerability CVE-2019-14287 is a security policy bypass issue that provides a user or a program the ability to execute commands as r

CVE-2019-14287-write-up 4294967295 Sudo Bug Allows Restricted Users to Run Commands as Root DEMONSTRATION OF VULNERABILITY Add a new user: sudo su - root useradd -m -s /bin/bash testuser passwd testuser // add password to user visudo Add a new entry test ALL=(ALL, !root) /usr/bin/id // specifying that this user cannot use id command with root user SAVE THE FILE AND EXIT FR

Simple and accurate guide for linux privilege escalation tactics

Linux-Privilege-Escalation-Basics Simple and accurate guide for linux privilege escalation tactics Privilege Escalation Methods Basic System Enumeration Bash History OpenVPN Credentials Credentials in tcpdump files Writable Files SSH Private Keys Kernel Exploits Sudo -l Sudo CVE Sudo LD_PRELOAD SUID / GUID Binaries SUID PATH Environmental Variable Cron Tabs & Scheduled

Config files for my GitHub profile.

Linux-Privilege-Escalation-Basics Simple and accurate guide for linux privilege escalation tactics Privilege Escalation Methods Basic System Enumeration Bash History OpenVPN Credentials Credentials in tcpdump files Writable Files SSH Private Keys Kernel Exploits Sudo -l Sudo CVE Sudo LD_PRELOAD SUID / GUID Binaries SUID PATH Environmental Variable Cron Tabs & Scheduled

Reverse shell cheat sheet

Privilege Escalation Methods Basic System Enumeration Bash History OpenVPN Credentials Credentials in tcpdump files Writable Files SSH Private Keys Kernel Exploits Sudo -l Sudo CVE Sudo LD_PRELOAD SUID / GUID Binaries SUID PATH Environmental Variable Cron Tabs & Scheduled Tasks Capabilities (Python - Perl - Tar - OpenSSL) NFS Root Squashing chkrootkit 049 Tmux (Attach

Compilation of Resources for Linux Privilege Escalation

Linux-Privilege-Escalation-Resources Compilation of Resources for Linux Privilege Escalation General Links Github: githubcom/0dayhunter LinPEAS: githubcom/0dayhunter/PEASS-ng LinuxPrivEscArena: tryhackmecom/room/linuxprivescarena Linux exploit suggester: githubcom/0dayhunter/Linux-exploit-suggester Introduction Basic Linux Priv Esc: b

CVE-2019-14287 is a vulnerability in the sudo command-line utility found in Unix-like operating systems This vulnerability allows an unauthorized user to execute arbitrary commands as the root user without knowing the password, even if the configuration explicitly forbids the user from running any commands

AGENT-SUDO IP: 1010209235 PORTS 21 22 80 21 anon not allowed 80 Dear agents, Use your own codename as user-agent to access the site From, Agent R from the message above, we got Agent R used R as user-agent via firefox, got this: What are you doing! Are you one of the 25 employees? If not, I going to report this incident Dear

Project-2-Offensive-Security-CTF DC CyberSecurity Group Penetration Test Report Rekall Corporation Penetration Test Report Confidentiality Statement This document contains confidential and privileged information from Rekall Inc (henceforth known as Rekall) The information contained in this document is confidential and may constitute

Pentesting Linux

Pentesting Linux Initial Foothold Questions to consider What distribution of Linux is the system running? What shell & programming languages exist on the system? What function is the system serving for the network environment it is on? What application is the system hosting? Are there any known vulnerabilities? Useful commands and tools on Linux Useful shortcuts and h

TryHackMe: Agent Sudo Writeup

Agent Sudo Writeup: Task 1: Enumeration NMap Scan: First things first, I performed an NMap scan on the MACHINE_IP I ran the following scan: sudo nmap -vv -sS -sV -sC -oN nmap_outtxt {MACHINE_IP} The scan returned the following results: PORT STATE SERVICE REASON VERSION 21/tcp open ftp syn-ack ttl 63 vsftpd 303 22/tcp ope

100DaysOfCode Day 1 : 29th July 2020 Solved one java question on hackerrank and completed Introductory Researching room! on tryhackme Check it out on tryhackme Day 2 : 30th July 2020 Solved java questions on hackerrank and completed task 1 of c4ptur3-th3-fl4g room! tryhackme Participated in H@cktivityCon CTF at ctfhacktivityconcom/challenges_ and solved forensics and w

KILLER PROJECT #sudo exploitation #Abusing sudo #Exploiting Sudo If you like the tool and for my personal motivation so as to develop other tools please a +1 star * The tool can be used by pentesters, system admins, CTF players, students, System Auditors and trolls :) INTRO Overview Features Usage Why is it possible to run "sudo -l" without a password? Docker -

Pentesting reports for a virtual business Art's Tailor Shoppe 👔

Pentesting Reports for the virtual business Arts Tailor Shop (using Latex) The final penetration test report without the attack narratives and Mitre Att&ck TTPs can be found here The agreement template signed by Art's Tailor Shop for the penetration test can be found here Report Link Summary Findings CVSS Base Ratings Ex14_MobileAppTestpdf Reverse Engin

Pentest Sheet Information Gathering Port scanning rustscan -a <ip> -r 1-65535 -t 1500 --tries 3 -- -A nmap options nmap -sV --script vuln <ip> -sV version of each service -sC scan with the default scripts -A detect the host's operating system and the versions of its services -p- scan all ports sudo nmap -sUV -T4 -F --version-intensity 0 <IP> Fast UDP Scan

Recent Articles

Sudo? More like Su-doh: There's a fun bug that gives restricted sudoers root access (if your config is non-standard)
The Register • Chris Williams, Editor in Chief • 14 Oct 2019

All it takes is -u#-1 ... Wh%& t#e fsck*?

It's only Monday, and we already have a contender for the bug of the week. Linux users who are able to run commands as other users, via the sudoer mechanism, though not as the all-powerful root user, can still run commands as root, thanks to a fascinating coding screw-up. This security vulnerability, assigned CVE-2019-14287, is more interesting than scary: it requires a system to have a non-standard configuration. In other words, Linux computers are not vulnerable by default. However, if you've ...

References

CWE-755
http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html
https://seclists.org/bugtraq/2019/Oct/20
http://www.openwall.com/lists/oss-security/2019/10/14/1
https://usn.ubuntu.com/4154-1/
https://seclists.org/bugtraq/2019/Oct/21
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html
https://security.netapp.com/advisory/ntap-20191017-0003/
https://www.debian.org/security/2019/dsa-4543
https://www.openwall.com/lists/oss-security/2019/10/15/2
https://www.sudo.ws/alerts/minus_1_uid.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00022.html
http://www.openwall.com/lists/oss-security/2019/10/24/1
https://access.redhat.com/errata/RHSA-2019:3205
https://access.redhat.com/errata/RHSA-2019:3197
https://access.redhat.com/errata/RHSA-2019:3204
https://access.redhat.com/errata/RHSA-2019:3219
https://access.redhat.com/errata/RHSA-2019:3209
http://www.openwall.com/lists/oss-security/2019/10/29/3
https://access.redhat.com/errata/RHSA-2019:3278
https://resources.whitesourcesoftware.com/blog-whitesource/new-vulnerability-in-sudo-cve-2019-14287
https://access.redhat.com/errata/RHSA-2019:3694
https://access.redhat.com/errata/RHSA-2019:3754
https://access.redhat.com/errata/RHSA-2019:3755
https://access.redhat.com/errata/RHSA-2019:3895
https://access.redhat.com/errata/RHSA-2019:3916
https://access.redhat.com/errata/RHBA-2019:3248
https://access.redhat.com/errata/RHSA-2019:3941
https://access.redhat.com/errata/RHSA-2019:4191
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03976en_us
https://access.redhat.com/errata/RHSA-2020:0388
https://security.gentoo.org/glsa/202003-12
http://www.openwall.com/lists/oss-security/2021/09/14/2
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IP7SIOAVLSKJGMTIULX52VQUPTVSC43U/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUVAOZBYUHZS56A5FQSCDVGXT7PW7FL2/
https://support.f5.com/csp/article/K53746212?utm_source=f5support&%3Butm_medium=RSS
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPLAM57TPJQGKQMNG6RHFBLACD6K356N/
https://nvd.nist.gov