As always, checking for privileges of the current user is the first thing to enumerate after gaining a foothold
sunny
sunny@sunday:~$ sudo -l
user sunny may run the following commands on sunday:
(root) nopasswd: /root/trollThe sunny user is able to execute /root/troll as the root user without getting prompted for password
sunny@sunday:~$ ll /root/troll
/root/troll: Permission denied
sunny@sunday:~$ cat /root/troll
cat: cannot open /root/troll: Permission deniedAs the binary is located at the /root/ directory, I am unable to check what’s in it
sunny@sunday:~$ sudo -u root /root/troll
testing
uid=0(root) gid=0(root)Executing the binary prints out a string and what appears to be the output of the id command