Mirror of forum.nim-lang.org

11678 :: Privilege Escalation with Nim Package Manager - John Hammond

[2024-05-30T15:53:12+02:00]

IgnisTempestas (orginal) [2024-05-30T15:53:12+02:00] view original

Came across this earlier: https://www.youtube.com/watch?v=CbceSV5krYQ

Usual cybersecurity YouTube stuff, doesn't seem like there's anything ground breaking here, though someone here may find it interesting.

Hobbyman (orginal) [2024-05-30T22:20:57+02:00] view original

What is the main take-away?

m4ul3r (orginal) [2024-05-30T22:38:06+02:00] view original

It’s based off of an old CVE where input wasn’t properly sanitized and has since been mitigated.

The takeaway is don’t give nimble SUID perms

PMunch (orginal) [2024-05-30T23:18:08+02:00] view original

Yeah, by looking at this it seems like a "perfect storm" kind of scenario built for the CTF. Allowing something like nimble run or nimble install * to be run as other users isn't a great idea.

m4ul3r (orginal) [2024-05-30T23:35:59+02:00] view original

Agreed. I played it and thought it was okay.

It teaches people to enumerate versions of software on the box and see if there are any vulnerabilities, and to enumerate sudo capabilities.

I think it’s always cool to see nim in ctf challenges though, I’ve enjoyed playing a few rev problems in nim.