TryHackMe Sudo Buffer Overflow-Writeup

Sudo Buffer Overflow is a beginner-level Linux machine on TryHackMe. The machine teaches us about vulnerabilities in the sudo command. It is running sudo < 1.8.26, which is vulnerable to a buffer overflow exploit if password feedback is turned on. On this machine password feedback is turned on, so we exploit this buffer overflow to gain root access to the system.


Connecting to the TryHackMe VPN:

1] First, download the VPN file from the access page of TryHackMe.

2] Open the .ovpn file in your terminal with the following command:

openvpn yourname.ovpn

3] Once the “Initialization Completed” message appears on the screen, you are connected to the TryHackMe network.

4] You can access the machine at the given IP.

SCANNING

1] First, let’s do an nmap scan on our target at 10.10.61.54:

nmap -sV -A -p- 10.10.61.54

-sV : to get the service versions on each port

-A : to get information such as OS details, traceroute, ports, etc.

-p- : to scan all 65535 ports

We get the following details from our scan

GAINING ACCESS

2] We are given the SSH credentials, so let’s log in.

PRIVILEGE ESCALATION

3] After logging in, we find an executable file in the home directory.

4] If we check the sudo version, we can see it is 1.8.21, and password feedback is enabled for the sudo command.

5] Since password feedback is enabled and the version is < 1.8.26, a buffer overflow exploit comes to mind:

https://www.linuxminion.com/sudo-stack-based-buffer-overflow-vulnerability-pwfeedback/

https://www.exploit-db.com/exploits/47995

6] We have this exploit compiled and ready to run in our home folder.

So let’s run it to get a root shell:

./exploit
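
The two conditions checked in steps 4 and 5 (sudo older than 1.8.26 and password feedback enabled) can be audited for on your own hosts. The script below is an added example, not part of the original writeup; the function names are hypothetical, the sample sudoers text is constructed, and the 1.8.26 threshold is the one stated above.

```shell
#!/bin/sh
# Added example (not from the original writeup): audit for the condition the
# walkthrough relies on. The 1.8.26 threshold is the one the page states.

# version_lt A B: succeeds if version A is older than B.
# Patch suffixes are dropped first (1.8.21p2 -> 1.8.21).
version_lt() {
    a=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
    b=$(printf '%s' "$2" | sed 's/[^0-9.].*$//')
    if [ "$a" = "$b" ]; then return 1; fi
    oldest=$(printf '%s\n%s\n' "$a" "$b" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "$a" ]
}

# pwfeedback_enabled: reads sudoers text on stdin and succeeds if pwfeedback is
# on after all Defaults lines are applied (a later "!pwfeedback" turns it off).
pwfeedback_enabled() {
    awk '
        { sub(/#.*/, "") }                      # drop comments
        $1 ~ /^Defaults/ {
            line = $0
            sub(/^[ \t]*Defaults[^ \t]*[ \t]+/, "", line)
            n = split(line, opt, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                if (opt[i] == "pwfeedback")  on = 1
                if (opt[i] == "!pwfeedback") on = 0
            }
        }
        END { exit (on ? 0 : 1) }'
}

# assess_sudo VERSION: sudoers text on stdin, prints EXPOSED or OK.
assess_sudo() {
    if version_lt "$1" 1.8.26 && pwfeedback_enabled; then
        echo EXPOSED
    else
        echo OK
    fi
}

if [ "${1:-}" = "--live" ]; then
    # Run as root on the host being audited so the sudoers files are readable.
    ver=$(sudo -V | sed -n '1s/^Sudo version //p')
    cat /etc/sudoers /etc/sudoers.d/* 2>/dev/null | assess_sudo "$ver"
else
    # Constructed sample matching the lab: sudo 1.8.21 with pwfeedback on.
    printf 'Defaults env_reset\nDefaults pwfeedback\n' | assess_sudo 1.8.21
fi
```

Where the check reports EXPOSED, upgrading sudo or setting `Defaults !pwfeedback` in sudoers removes the condition.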
