shelly
Checking for sudo privileges of the shelly user after making some basic enumeration
shelly@shocker:/home/shelly$ sudo -l
matching defaults entries for shelly on shocker:
env_reset, mail_badpass,
secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin
user shelly may run the following commands on shocker:
(root) nopasswd: /usr/bin/perlThe shelly user is able to execute the /usr/bin/perl command with sudo privileges
perl
According to GTFObins, perl can be abused to escalate privileges to the root user if configured to run with sudo
Moving on to the Privilege Escalation phase