Sudo
Last updated
Was this helpful?
Last updated
Was this helpful?
Use GTFO bins:
Practice:
When you can't find an exploit on GTFO bins but you can abuse some functionality of the program running. Suppose the program is apache2 then search: sudo apache2 privilege escalation
Some of the exploits wont let you get a shell but they can help you view system files. It errors out the line which it doesn't understand.
Ex: apache2, wget
sudo apache2 -f /etc/shadow
If we get (All, !root) /bin/bash
Find sudo version using: sudo -V
If the version is 1.8.21p2 and password feedback is enabled