pwn
Checking for sudo privileges of the pwn user after making a lateral movement
pwn@scriptkiddie:~/recon$ sudo -l
matching defaults entries for pwn on scriptkiddie:
env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin
user pwn may run the following commands on scriptkiddie:
(root) nopasswd: /opt/metasploit-framework-6.0.9/msfconsole
The pwn user is able to execute /opt/metasploit-framework-6.0.9/msfconsole with sudo privileges
According to GTFOBins, msfconsole can be used to escalate privileges to the root user if configured with sudo privileges
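The same finding from the audit side, as an added example that is not part of the original notes: a small parser for sudo -l output that flags rules granting root execution of ALL or of a program that can run commands from its own interface. The function name, the ESCAPE_CAPABLE set and the uptime rule are assumptions made for illustration.

```python
import os
import re

# A sudo rule line looks like "(runas) TAG: TAG: command[, command ...]".
RULE = re.compile(r"^\s*\((?P<runas>[^)]+)\)\s*(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmd>.+)$",
                  re.IGNORECASE)

# Assumption: a short, non-exhaustive set of programs that can run arbitrary
# commands from inside their own interface. msfconsole is the one from this page.
ESCAPE_CAPABLE = {"msfconsole", "vim", "less", "find", "awk", "bash", "sh"}

# The output shown above, plus one constructed rule for a program outside the set.
SAMPLE = r"""matching defaults entries for pwn on scriptkiddie:
env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin
user pwn may run the following commands on scriptkiddie:
(root) nopasswd: /opt/metasploit-framework-6.0.9/msfconsole
(root) /usr/bin/uptime
"""

def audit_sudo_l(output):
    """Return rules granting root execution of ALL or of an ESCAPE_CAPABLE program."""
    findings = []
    for line in output.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # Defaults lines and headers are not rules
        runas_user = m["runas"].split(":")[0].strip().lower()
        tags = {t.strip().upper() for t in m["tags"].split(":") if t.strip()}
        # One rule line may list several comma-separated commands.
        for cmd in m["cmd"].split(","):
            parts = cmd.split()
            if not parts:
                continue
            path = parts[0]
            risky = path.upper() == "ALL" or os.path.basename(path) in ESCAPE_CAPABLE
            if runas_user in ("root", "all") and risky:
                findings.append({"command": path, "runas": runas_user,
                                 "nopasswd": "NOPASSWD" in tags})
    return findings

if __name__ == "__main__":
    for finding in audit_sudo_l(SAMPLE):
        print("REVIEW:", finding)
```

A flagged rule should be reviewed as if it granted that account a root shell, whether or not a password is required.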
Moving on to the Privilege Escalation phase