jjs


The jjs binary was first discovered earlier, right after gaining a foothold on the target system.

mango@mango:/var/www$ find / -name jjs -perm -04000 -ls -type f 2>/dev/null
   274666     12 -rwsr-sr--   1 root     admin       10352 Jul 18  2019 /usr/lib/jvm/java-11-openjdk-amd64/bin/jjs

The binary exists with both the SUID and SGID bits set, which was later confirmed by PEAS as well. Now that I have compromised the admin user, I will be able to access the jjs binary.

The jjs binary is a command-line tool included in the Java Development Kit (JDK) starting from version 8. It allows executing JavaScript code within a Java Virtual Machine (JVM) environment, making it possible to seamlessly integrate JavaScript with Java applications. This tool is particularly useful for scripting, embedding JavaScript within Java applications, and performing various tasks related to JavaScript execution within the JVM.

While useful for development and scripting, it is also useful for privilege escalation, as listed by GTFOBins.

In particular, if the binary either has the SUID bit set or can be run through sudo, it can be abused for privilege escalation.
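From the defender's side, the same `find -ls` output can be audited automatically. The following is an added example, not part of the original notes: it decodes the mode string, flags set-ID script interpreters, and reports who can execute them and how to strip the bits. The watch list and the second and third sample lines are assumptions constructed for illustration.

```python
import re

# Assumption: short illustrative watch list; extend it for a real audit.
INTERPRETERS = {"jjs", "python3", "perl", "ruby", "node", "php"}

# Fields of `find -ls`: inode blocks mode links owner group size date(3) path
LS_LINE = re.compile(
    r"^\s*\d+\s+\d+\s+(?P<mode>\S{10})\s+\d+\s+(?P<owner>\S+)\s+(?P<group>\S+)"
    r"\s+\d+\s+\S+\s+\d+\s+\S+\s+(?P<path>/.*)$")

# Line 1 is the output shown above; lines 2-3 are constructed for contrast.
SAMPLE = """\
   274666     12 -rwsr-sr--   1 root     admin       10352 Jul 18  2019 /usr/lib/jvm/java-11-openjdk-amd64/bin/jjs
   131204     60 -rwsr-xr-x   1 root     root        59640 Mar 22  2019 /usr/bin/passwd
   131877   4424 -rwxr-xr-x   1 root     root      4526456 Nov  7  2019 /usr/bin/python3
""".splitlines()

def decode_mode(mode):
    """Decode an ls-style mode string. Lowercase s/t = execute bit also set."""
    u, g, o = mode[3], mode[6], mode[9]
    return {"suid": u in "sS", "sgid": g in "sS", "owner_exec": u in "xs",
            "group_exec": g in "xs", "other_exec": o in "xt"}

def audit(lines):
    """Return set-ID files whose name is on the interpreter watch list."""
    findings = []
    for line in lines:
        m = LS_LINE.match(line)
        if not m:
            continue
        bits = decode_mode(m["mode"])
        name = m["path"].rsplit("/", 1)[-1]
        if not (bits["suid"] or bits["sgid"]) or name not in INTERPRETERS:
            continue
        if bits["other_exec"]:
            who = "any local user"
        elif bits["group_exec"]:
            who = "members of group " + m["group"]
        else:
            who = "owner " + m["owner"] + " only"
        findings.append({"path": m["path"], "suid": bits["suid"],
                         "sgid": bits["sgid"], "owner": m["owner"],
                         "runnable_by": who,
                         "fix": "chmod u-s,g-s " + m["path"]})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

For the jjs line, the decoded mode shows execute rights for the owner and the admin group only, which is why the binary became reachable only after the admin user was compromised.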

Moving on to the Privilege Escalation phase.