Skip to content

Latest commit

 

History

History
44 lines (23 loc) · 1.7 KB

README.md

File metadata and controls

44 lines (23 loc) · 1.7 KB

Dockerized CVE-2019-14287

Containerized and deployable use of the CVE-2019-14287 vuln. View README.md for more.

This CVE affects all versions of sudo under 1.8.28 where a sudo user can escalate to root by referencing its user ID.

This Dockerfile allows this CVE to be built, where it can be used for CTF's and demonstrations for example.

Shoutout to MuirlandOracle for reaching out to me for help regarding dockerising this CVE. MurilandOracle has released a room on TryHackMe where this CVE is exploited and explained - he does an excellent job of explaining how it works.

I highly reccommend you check out the room specifically - but moreover the TryHackMe platform itself.

~ CMNatic

To build:

Either clone repo, or download contents of "Dockerfile" to local machine:

git clone https://github.com/CMNatic/Dockerized-CVE-2019-14287/

or simply pull from the Docker Hub

as it uses an SSH server, port 22 is exposed - please feel free to address this port to any port that is not in use on your host.

  1. docker run -d -p 2222:22 cmnatic/cve-2019-14287-demo

Login to container:

Using default credentials: Username: uogctf Password: uogctf

  1. ssh -l uogctf 127.0.0.1 -p 2222

Then attempt the CVE.

for reference, root user is available to login using uogctf