Kristoffer Marshall
Cyber defense guy, presenter, homesteader, former Linux engineer, & electronics enthusiast. Computers will always be a hobby. 😃
7,384 Tweets · 2,549 Following · 2,228 Followers
Kristoffer Marshall 2h
Replying to @Unix_Guru
This article explains it a bit better. I freaked out for a bit, and then realized that the sudoers directive needs to be in a pretty specific format for this to work.
Kristoffer Marshall 3h
Replying to @uncl3dumby
From my experience, I've seen programs that you can break out of avoided in sudoers: vi/vim, find, awk, less, man, tee, etc. It all depends on the environment and how creative people are with sudoers. I personally don't recall seeing ALL and !root in the same directive.
Kristoffer Marshall 3h
Replying to @CrunkComputing
🔴 “!root” as an effective user should mean that the user can’t run the command as root, and this is what this exploit bypasses.
Kristoffer Marshall 3h
Replying to @CrunkComputing
🔴 The user needs to be in sudoers, with access to a command that could be harmful if run as root.
🔴 ALL needs to be one of the keywords in the Runas specifier.
🔴 This exploit does not allow the user to run anything not defined in the list of commands. Continued...
Kristoffer Marshall 3h
So if you've read about the sudo vulnerability that people are losing their minds over, pause for a second (CVE-2019-14287). It's most likely effective in fringe scenarios, as multiple things need to be in place for it to work.
Kristoffer Marshall 3h
Replying to @TheHackersNews
Here's a much better explanation of how this works, IMHO.
Kristoffer Marshall 3h
We're also finding that ALL needs to be a directive for effective users as well. Example:
[ WORKS ] test2 ALL=(pi, ALL, !root) /usr/bin/vim
[ DOESN'T WORK ] test2 ALL=(pi, !root) /usr/bin/vim
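The preconditions listed in these tweets for CVE-2019-14287 (a Runas list that contains the ALL keyword together with a negated user such as !root, on a sudo release older than 1.8.28, where `sudo -u#-1 <command>` is then treated as UID 0) can be audited for in a sudoers file. The script below is an added example, not the author's code or part of the thread: `runas_check` is a hypothetical helper and the sudoers lines it scans are constructed to mirror the [ WORKS ] / [ DOESN'T WORK ] pair above.

```shell
#!/bin/sh
# Added example (not from the thread): flag sudoers Runas specs that match
# the CVE-2019-14287 precondition, i.e. the Runas user list contains the
# ALL keyword alongside a negated user such as !root. Upgrading sudo to
# 1.8.28 or later removes the bug; this only finds entries exposed on an
# unpatched host.

# runas_check LINE
# Prints "vulnerable" when LINE's Runas user list contains both ALL and a
# "!user" entry, "ok" otherwise. Aliases (User_Alias, Runas_Alias) are not
# expanded, so resolve those by hand.
runas_check() {
    printf '%s\n' "$1" | awk '
    {
        # The Runas spec is the parenthesised "(users : groups)" after the host.
        if (match($0, /\([^)]*\)/) == 0) { print "ok"; next }
        spec = substr($0, RSTART + 1, RLENGTH - 2)
        sub(/:.*/, "", spec)              # keep only the user list
        has_all = 0; has_neg = 0
        n = split(spec, items, /,/)
        for (i = 1; i <= n; i++) {
            gsub(/^[ \t]+|[ \t]+$/, "", items[i])   # trim whitespace
            if (items[i] == "ALL") has_all = 1
            if (items[i] ~ /^!/)  has_neg = 1
        }
        if (has_all && has_neg) print "vulnerable"; else print "ok"
    }'
}

# Constructed sudoers lines, modelled on the two examples in the thread.
SUDOERS_SAMPLE='test2 ALL=(pi, ALL, !root) /usr/bin/vim
test2 ALL=(pi, !root) /usr/bin/vim
test2 ALL=(ALL, !root) NOPASSWD: /usr/bin/vim
test2 ALL=(ALL) /usr/bin/vim
%admin ALL=(ALL:ALL) ALL'

# Run the check over every sample line. For a real host, feed
# /etc/sudoers and /etc/sudoers.d/* through the same loop.
printf '%s\n' "$SUDOERS_SAMPLE" | while IFS= read -r line; do
    printf '%-48s %s\n' "$line" "$(runas_check "$line")"
done
```

Only the first and third sample lines are flagged: `(pi, !root)` lacks ALL, `(ALL)` and `(ALL:ALL)` have no negated user, so a negation can only be bypassed where ALL widens the Runas list it is carved out of.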
Kristoffer Marshall 6h
Replying to @TaelurAlexis @ar4v3n
On one hand - free cake and a $10k reward. On the other hand - free cake and no $10k reward. Either way, free cake is free cake.
Kristoffer Marshall 6h
Replying to @CrunkComputing
For example; I've used quite a few APIs that require Base64 encoded credentials, and they don't play nicely when there's that newline character. Make note - Base64 is encoding, not encryption.
Kristoffer Marshall 6h
Replying to @CrunkComputing
If you're wondering about the 'n' flag for echo, that will make it omit the \n character (newline). This is a good habit to get into, especially when encoding, since that newline character will make its way into the result, which can potentially screw things up.
Kristoffer Marshall 6h
Whenever decoding potentially sensitive information, please don't do this with an online decoder. You don't know where that information is going to end up, and it can sometimes tip off attackers that they've been found. Instead, do any decoding locally, if possible.
Kristoffer Marshall 7h
Replying to @emilesnyder
It is on a case-by-case basis.
Kristoffer Marshall 7h
Replying to @CrunkComputing
On using the 'n' flag with echo, this really comes down to what's going to be happening with the string. When you're encrypting a password with Base64, which is common with a lot of APIs, you don't want that newline in there, so use '-n' for sure.
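The newline problem described in these tweets, shown end to end, as an added example rather than anything the author posted: a plain `echo` pipes "user:pass\n" into base64, so the blob ends in `Cg==` (the encoded 0x0a) and an API comparing credentials byte-for-byte rejects it; `printf '%s'` writes exactly the bytes given (`echo -n` works on most shells, but `-n` is not guaranteed by POSIX). The helper names are hypothetical, the user/password pair is made up, and the decode step uses the local `base64` and `od` from coreutils rather than any online decoder.

```shell
#!/bin/sh
# Added example (not from the thread): why `echo` leaks a newline into a
# Base64-encoded credential, and the portable fix. Helper names are
# hypothetical; the user/password values are made up.

# Naive: echo appends "\n", so what gets encoded is really "user:pass\n".
encode_creds_naive() {
    echo "$1:$2" | base64
}

# Correct: printf '%s' writes the bytes and nothing else. (`echo -n` does
# the same on most shells, but -n is not guaranteed by POSIX; printf is.)
encode_creds() {
    printf '%s' "$1:$2" | base64
}

# Build the header most Basic-auth APIs expect, using the correct encoder.
# Base64 is encoding, not encryption: anyone holding this header has the
# password, so treat it like the password itself.
basic_auth_header() {
    printf 'Authorization: Basic %s' "$(encode_creds "$1" "$2")"
}

# Decode locally and dump every byte, so the stray \n at the end of the
# naive version is visible instead of silently breaking authentication.
show_decoded_bytes() {
    printf '%s' "$1" | base64 -d | od -An -c
}

echo "naive:   $(encode_creds_naive user pass)"   # dXNlcjpwYXNzCg==
echo "correct: $(encode_creds user pass)"         # dXNlcjpwYXNz
basic_auth_header user pass; echo
show_decoded_bytes "$(encode_creds_naive user pass)"
```

The two encodings differ only in the trailing `Cg==`, which is exactly the four-character group the 0x0a byte occupies; `od -c` on the decoded naive blob prints `\n` as its last byte.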
Kristoffer Marshall 8h
Hey pentesters and other security folk! Go search GitHub with your company's name and aliases. Heck, maybe even do the same for your vendors and clients. You may find some interesting stuff.
Kristoffer Marshall 9h
Replying to @DoogerNorth
Does anyone know where this is from? I know it's a popular webcam in a beer store in Russia, but I can't find the link any longer.
Kristoffer Marshall retweeted
Never mind. Oct 12
My nominee for cashier of the year.
Kristoffer Marshall retweeted
Kyle Oct 13
Why is it always at an airport?
Kristoffer Marshall 23h
Replying to @scrothers
It's from an AliExpress listing for something electronic. Honestly, I can't remember what I was looking at.
Kristoffer Marshall Oct 13
Replying to @dorrismccomics
The doppelganging force is strong.