www-data
Checking the sudo privileges of the www-data account after performing manual system enumeration
cmd $ sudo -l
Matching Defaults entries for www-data on cute:
env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin
User www-data may run the following commands on cute:
(root) NOPASSWD: /usr/sbin/hping3 --icmp
The www-data account is able to execute the /usr/sbin/hping3 --icmp command as the root account
hping3
hping3 was also a SUID/SGID binary, as confirmed by PEAS
The hping3 binary can be leveraged for privilege escalation if it is configured either with sudo or as SUID
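
An audit check for the finding above, as an added example that is not part of the original notes: it parses `sudo -l` output and flags rules that let a watched binary run as root without a password, and it names the set-id bits in a file mode. The names WATCHLIST, parse_sudo_l, risky_rules and setid_bits are hypothetical, and matching on the binary's basename is an assumption.

```python
import re
import stat

# hping3 is the binary this page discusses; extend the set as needed.
WATCHLIST = {"hping3"}

# A rule line in `sudo -l` output: "(runas) TAG: TAG: /path/cmd args"
RULE_RE = re.compile(
    r"^\s*\((?P<runas>[^)]*)\)\s*(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmd>/\S+)(?P<args>.*)$")

def parse_sudo_l(text):
    """Return one dict per command rule found in `sudo -l` output."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # Defaults entries, headers, blank lines
        tags = [t.strip() for t in m.group("tags").split(":") if t.strip()]
        rules.append({"runas": m.group("runas").strip(),
                      "nopasswd": "NOPASSWD" in tags,
                      "cmd": m.group("cmd"),
                      "args": m.group("args").strip()})
    return rules

def risky_rules(rules, watchlist=WATCHLIST):
    """Rules that run a watched binary as root without a password."""
    hits = []
    for r in rules:
        runas_user = r["runas"].split(":")[0].strip()
        name = r["cmd"].rsplit("/", 1)[-1]
        if runas_user in ("root", "ALL") and r["nopasswd"] and name in watchlist:
            hits.append(r)
    return hits

def setid_bits(mode):
    """Name the set-id bits present in an st_mode value (as from os.stat)."""
    flags = (("SUID", stat.S_ISUID), ("SGID", stat.S_ISGID))
    return [name for name, bit in flags if mode & bit]

# `sudo -l` output as recorded on this page
SAMPLE = r"""Matching Defaults entries for www-data on cute:
env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin
User www-data may run the following commands on cute:
(root) NOPASSWD: /usr/sbin/hping3 --icmp
"""

if __name__ == "__main__":
    for r in risky_rules(parse_sudo_l(SAMPLE)):
        print("REVIEW:", r["runas"], "NOPASSWD", r["cmd"], r["args"])
```
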