Target from: CVE Network

Basic, Rootable

CVE-2019-14813 / 0.0.0.0

4: Flags (2:system, env, root)
1: Service
1,400 pts

A direct implementation of the CVE-2019-14813 for ghostscript 9.26a
#headshot

Level 7 / Senior Securitas

Praise / 265th Place

4: Flags found
1: Service discovered
1,400 pts
29 minutes

Do what you can but be the best at it.

This is a target with direct implementation of the CVE-2019-14813 for ghostscript 9.26a and is here to assist in developing exploits for this vulnerability.

Description

A flaw was found in ghostscript, versions 9.x before 9.28, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

Environment details

The system is accessible at 10.0.200.13 and runs gs -sDEVICE=ppmraw -dSAFER on port 12345/tcp.

Flags can be found at:

  • /root/ETSCTF
  • /etc/passwd gecos
  • /etc/shadow password hash
  • env variable

References

85 Headshots (newer first)

Ckabos, canary, Caritattriste, Xueba, c0nfirm, Praise, hackercon101, Anointed, sh4yo, TroyLynx, Avilix, doofyr, Pablo977, uApocryphon, cavca2012, michyamrane, SaintMArk, Blame11, darklordbnl
kowalski, 0x4d0k, falconsec, nenandjabhata, ks4v3r, xRuL0, Winsad, L0v3, jaxafed, noother, AskTaimoor, Clientname, Grosik, M4sk0ff, JDgodd, ElleuchX1, xephora, Muzec, wonderchild, abdullahzamir, 0xRar, n3h4l, hacker, g0rchy, Somorc, HuckFinn, bnal5tab, 0xDoge, Tishca, Camas, jraams

2 Writeups by:

hackercon101 (en) 4 - Well writtenc0nfirm (en) Not rated!

Activity Stream

Latest activity on the platform

Praise managed to headshot [CVE-2019-14813], 1 month ago
Praise Gained access to data stored in environmental variables of CVE-2019-14813 for 300 points, 1 month ago
Praise Got the ETSCTF flag under the /root folder of CVE-2019-14813 for 500 points, 1 month ago
Praise Discovered the ETSCTF username flag under an authentication database file of CVE-2019-14813 for 400 points, 1 month ago
Praise Discovered the ETSCTF flag on gecos details of CVE-2019-14813 for 200 points, 1 month ago
Praise Connected to the CVE-2019-14813 service, 1 month ago