Exploit for Improper Handling of Exceptional Conditions in Sudo_Project Sudo CVE-2019-14287 CVE-2019-18634

Name: Exploit for Improper Handling of Exceptional Conditions in Sudo_Project Sudo CVE-2019-14287 CVE-2019-18634
Rating: 5 (128 reviews)
2026-04-01 | CVSS 9.0
## https://sploitus.com/exploit?id=B466C778-3EBD-5E09-9A33-7851E748DFEC
# 🐧 Linux Privilege Escalation

Structured notes from the **TCM Security - Linux Privilege Escalation** course, covering enumeration techniques and escalation methods practiced on intentionally vulnerable systems.

![Status](https://img.shields.io/badge/Status-Active-brightgreen) ![Course](https://img.shields.io/badge/Course-TCM_Security-blue) ![Platform](https://img.shields.io/badge/Platform-TryHackMe-red) ![Focus](https://img.shields.io/badge/Focus-Privilege_Escalation-darkred)

*Full process documented — theory, hands-on practice, and what failed and why.*

---

## 📚 Learning Path

| # | Topic | Description |
|---|-------|-------------|
| 1 | [Tips & Resources](./tips_and_resources) | Useful references and cheatsheets |
| 2 | [THM Setup](./thm_setup) | TryHackMe lab environment setup |
| 3 | [System Enumeration](./system_enumeration) | OS, kernel, and system info gathering |
| 4 | [User Enumeration](./user_enumeration) | Users, groups, and privileges |
| 5 | [Network Enumeration](./network_enumeration) | Open ports, interfaces, and connections |
| 6 | [Password Enumeration](./password_enumeration) | Finding stored credentials |
| 7 | [Automated Tools](./automated_tools) | LinPEAS, LinEnum and other tools |
| 8 | [Kernel Exploits](./kernel_exploits) | Exploiting outdated kernels |
| 9 | [Escalation via Stored Passwords](./escalation_via_stored_passwords) | Credentials in files and configs |
| 10 | [Escalation via Weak File Permissions](./escalation_via_weak_file_permission) | Misconfigured file permissions |
| 11 | [Escalation via SSH Keys](./escalation_via_ssh_keys) | Abusing exposed SSH private keys |
| 12 | [Escalating via Sudo Shell Escaping](./escalation_via_sudo_shell_escaping) | GTFOBins and sudo misconfigurations |
| 13 | [Escalation via Extended Functionality](./escalation_via_extended_functionality) | Capabilities and special permissions |
| 14 | [Escalation via LD_PRELOAD](./escalation_via_ld_preload) | Shared library injection |
| 15 | [CVE-2019-14287](./cve-2019-14287) | Sudo policy bypass vulnerability |
| 16 | [CVE-2019-18634](./cve-2019-18634) | pwfeedback buffer overflow |
| 17 | [Escalation via SUID](./escalation_via_suid) | Abusing SUID binaries |

---

## ⚙️ Methodology
```
System & User Enumeration    →  gather OS, user, network info
          ↓
Password & File Enumeration  →  stored creds, weak permissions
          ↓
Automated Scanning           →  LinPEAS, LinEnum
          ↓
Identify Attack Vector       →  SUID, sudo, kernel, CVEs
          ↓
Exploit & Escalate           →  gain root access
          ↓
Document Findings            →  screenshots, commands, output
```

---

## 🛠️ Tools Used

![Nmap](https://img.shields.io/badge/-Nmap-blue) ![LinPEAS](https://img.shields.io/badge/-LinPEAS-red) ![GTFOBins](https://img.shields.io/badge/-GTFOBins-black) ![LinEnum](https://img.shields.io/badge/-LinEnum-orange) ![Metasploit](https://img.shields.io/badge/-Metasploit-blueviolet)

---

## 📁 Each Topic Folder Contains

- Full notes with commands and actual output
- Reasoning behind every technique
- Screenshots of key steps
- Practical examples from TryHackMe labs

---

## 🎓 Course

These notes are based on the **TCM Security - Linux Privilege Escalation** course.
Highly recommended for anyone starting out in offensive security.

---

## ⚠️ Disclaimer

All techniques documented here are practiced on **intentionally vulnerable systems**.
These are strictly for educational purposes.
Never test systems without explicit authorization.

---

*Adarsh Dubey · Cybersecurity Student*