privilege escalation – Page 15

Why not use sudo instead of setuid/setgid?

Posted on December 23, 2019 by HolcombSimons

If it is an insecure practise to use setuid/setgid binaries, why do distributions, OSes force it?

The big question: what prevents using sudo instead of the setuid/setgid binaries?

“ping” would be enough for root, no? If a… Continue reading Why not use sudo instead of setuid/setgid?→

How to do a privileges escalation with ping?

Posted on December 15, 2019 by mb3354

I am trying to achieve a privilege escalation. I have a virtual machine on Linux and I escaped from an rbash terminal. I have now a “normal” user terminal. My user is not in the sudoers file.

Is it possible to perform a priv… Continue reading How to do a privileges escalation with ping?→

Modern Intel CPUs Plagued By Plundervolt Attack

Posted on December 11, 2019 by Lindsey O'Donnell

The Intel attack uses a similar technique that gamers commonly use to overclock their CPUs. Continue reading Modern Intel CPUs Plagued By Plundervolt Attack→

Privilege escalation modifying cookie

Posted on December 5, 2019 by moskino11

I have two accounts, an administrator and a simple user. I can capture the administrator’s cookie and use it in a simple user request, I find myself logged in with the administrator user and then log in to the site as an administrator user… Continue reading Privilege escalation modifying cookie→

Severe Auth Bypass and Priv-Esc Vulnerabilities Disclosed in OpenBSD

Posted on December 5, 2019 by Unknown

OpenBSD, an open-source operating system built with security in mind, has been found vulnerable to four new high-severity security vulnerabilities, one of which is an old-school type authentication bypass vulnerability in BSD Auth framework.

The other… Continue reading Severe Auth Bypass and Priv-Esc Vulnerabilities Disclosed in OpenBSD→

How can one tell if a binary is safe to give sudo permissions for to an untrusted user?

Posted on November 27, 2019 by MechMK1

sudo is sometimes used to give untrusted or “semi-trusted” users the ability to perform certain tasks as root, while not giving them unlimited root access. This is usually done via an entry into /etc/sudoers, specifying which… Continue reading How can one tell if a binary is safe to give sudo permissions for to an untrusted user?→

Unquoted Service Path with Windows Short Filename ( 8.3 filename convention)

Posted on November 22, 2019 by Rakesh Mane

So if there is a service which has executable path as below.

Path to executable : C:\PROGRA~1\ABCSOFT~\service.exe

Here the path is shortened using “8.3 filename” convention and the actual complete path to executable is : … Continue reading Unquoted Service Path with Windows Short Filename ( 8.3 filename convention)→

High-Severity Windows UAC Flaw Enables Privilege Escalation

Posted on November 20, 2019 by Lindsey O'Donnell

Further details of the flaw, which has recently been patched by Microsoft, were disclosed Tuesday by researchers. Continue reading High-Severity Windows UAC Flaw Enables Privilege Escalation→

Sudo parameterised all commands, is this secure? [closed]

Posted on November 13, 2019 by The nothing

About this question
sudo white list just program perl
I think I found possible solution using just sudo

have a program Perl and make executable chmod + x

in sudo whitelist that program and nothing else, I test it and work

because in… Continue reading Sudo parameterised all commands, is this secure? [closed]→

sudo whitelist just program perl

Posted on October 22, 2019 by The nothing

In visudo Ubuntu I whitelist this program

myuser ALL=(root) NOPASSWD:/myuser/program.pl

when I run

sudo /myuser/program.pl

I get prompt to set password. The solution is to add to visudo /usr/bin/perl

myuser ALL=(root) NOPASSWD:/myu… Continue reading sudo whitelist just program perl→