===========================================================================
██████╗██╗ ██╗███████╗ ██████╗ ██████╗ ██╗ █████╗ ██╗██╗ ██╗██████╗ █████╗ ███████╗
██╔════╝██║ ██║██╔════╝ ╚════██╗██╔═████╗███║██╔══██╗ ███║██║ ██║╚════██╗██╔══██╗╚════██║
██║ ██║ ██║█████╗█████╗ █████╔╝██║██╔██║╚██║╚██████║█████╗╚██║███████║ █████╔╝╚█████╔╝ ██╔╝
██║ ╚██╗ ██╔╝██╔══╝╚════╝██╔═══╝ ████╔╝██║ ██║ ╚═══██║╚════╝ ██║╚════██║██╔═══╝ ██╔══██╗ ██╔╝
╚██████╗ ╚████╔╝ ███████╗ ███████╗╚██████╔╝ ██║ █████╔╝ ██║ ██║███████╗╚█████╔╝ ██║
╚═════╝ ╚═══╝ ╚══════╝ ╚══════╝ ╚═════╝ ╚═╝ ╚════╝ ╚═╝ ╚═╝╚══════╝ ╚════╝ ╚═╝
Sudo Security Bypass Test
========= By Vivek Yadav (www.shallvhack.com)=========
=============================================================================
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u #$((0xffffffff))" command.
This is a simple Proof of concept to test for recently disclosed Sudo Security Bypass vulnerability known as CVE-2019-14287.
The best suggession for now would be to update the sudo to the version 1.8.28 or above.
Website: www.shallvhack.com
Twitter : www.twitter.com/shallvhack
Facebook : www.facebook.com/shallvhack
Github : https://github.com/shallvhack
LinkedIn : https://in.linkedin.com/in/vyvivekyadav04