prod


Checking the sudo privileges of the prod user after moving laterally to that account:

prod@editorial:~$ sudo -l
Matching Defaults entries for prod on editorial:
    env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin, use_pty
 
User prod may run the following commands on editorial:
    (root) /usr/bin/python3 /opt/internal_apps/clone_changes/clone_prod_change.py *

The prod account can run the following command as the root user: /usr/bin/python3 /opt/internal_apps/clone_changes/clone_prod_change.py *

clone_prod_change.py


prod@editorial:~$ cat /opt/internal_apps/clone_changes/clone_prod_change.py
#!/usr/bin/python3
 
import os
import sys
from git import Repo
 
os.chdir('/opt/internal_apps/clone_changes')
 
url_to_clone = sys.argv[1]
 
r = Repo.init('', bare=True)
r.clone_from(url_to_clone, 'new_changes', multi_options=["-c protocol.ext.allow=always"])
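
A hardened variant of clone_prod_change.py, added here as an example (it is not the script found on the host): it takes the same single argument, but only accepts URLs whose scheme and host are on an allowlist, and it does not pass the option that enables git's ext transport. The allowlisted host git.example.internal and the function names are assumptions.

```python
#!/usr/bin/python3
# Added example: hardened variant of clone_prod_change.py, not the original script.
import sys
from urllib.parse import urlsplit

WORKDIR = "/opt/internal_apps/clone_changes"  # path taken from the original script
ALLOWED_SCHEMES = {"https", "ssh"}            # assumption: the only transports needed
ALLOWED_HOSTS = {"git.example.internal"}      # hypothetical internal Git server


def validate_clone_url(url: str) -> str:
    """Return url unchanged if it passes every check, else raise ValueError."""
    if not url or url.startswith("-"):
        raise ValueError("empty value or option-like argument")
    if any(ch.isspace() or ord(ch) < 0x20 for ch in url):
        raise ValueError("whitespace or control character in URL")
    if "::" in url:
        # "<transport>::<address>" selects a git remote helper such as ext
        raise ValueError("remote-helper syntax is not accepted")
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme {parts.scheme!r} is not on the allowlist")
    if parts.hostname not in ALLOWED_HOSTS:
        raise ValueError(f"host {parts.hostname!r} is not on the allowlist")
    return url


def is_allowed(url: str) -> bool:
    """Boolean wrapper around validate_clone_url, convenient for logging and tests."""
    try:
        validate_clone_url(url)
    except ValueError:
        return False
    return True


def clone(url: str) -> None:
    from git import Repo  # GitPython, as in the original; imported only when cloning
    # No multi_options: "-c protocol.ext.allow=always" is deliberately not passed.
    Repo.clone_from(validate_clone_url(url), f"{WORKDIR}/new_changes")


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: clone_prod_change.py <url>")
    try:
        clone(sys.argv[1])
    except ValueError as exc:
        sys.exit(f"refusing to clone: {exc}")
```

The sudoers rule still passes any argument through its trailing *, so the validation has to live in the script itself.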