https://craizy.dev/tags/sudo/ Recent content in Sudo on crAIzy.dev https://craizy.dev/img/htb-default.png https://craizy.dev/ Hugo en Mon, 27 Apr 2026 18:00:00 +0300 https://craizy.dev/writeups/base/ Mon, 27 Apr 2026 18:00:00 +0300 crAIzyphp-type-jugglingsudo-abuse https://craizy.dev/writeups/base/ PHP strcmp() fed an array instead of a string returns 0 and bypasses login. A file manager upload gives shell. sudo find reads root.txt while find runs as root. https://craizy.dev/writeups/vaccine/ Mon, 27 Apr 2026 14:00:00 +0300 crAIzysqli-auth-bypasssudo-abuse https://craizy.dev/writeups/vaccine/ Anonymous FTP yields a ZIP cracked with john. The PHP login is SQL-injectable. pg_dump in a sudo rule lets vi escape to root — classic sudo abuse.