InfoSec LAB

luis

checking for sudo privileges of the luis user after making lateral movement

luis@seal:~$ sudo -l
matching defaults entries for luis on seal:
    env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin
 
user luis may run the following commands on seal:
    (all) nopasswd: /usr/bin/ansible-playbook *

The luis user is able to execute /usr/bin/ansible-playbook * with sudo privileges

ansible-playbook

According to GTFObins, ansible-playbook can be abused for privilege escalation if configured to run with sudo privileges Moving on to Privilege Escalation phase

InfoSec LAB

Explorer

Seal_Sudo_Privileges_luis

luis

ansible-playbook

Interactive Graph View

Table of Contents

Backlinks