goat
Checking for sudo privileges of the goat user after making the lateral movement:
goat@funbox7:~$ sudo -l
Matching Defaults entries for goat on funbox7:
env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin
User goat may run the following commands on funbox7:
(root) NOPASSWD: /usr/bin/mysql
The goat user is able to execute the /usr/bin/mysql command as the root account without being prompted for a password.
According to GTFOBins, mysql can be leveraged for privilege escalation.
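From the defender's side, the same `sudo -l` output can be audited for this class of misconfiguration. The script below is an added example, not part of the original write-up: it flags NOPASSWD rules whose command is a binary with a known shell escape. The `RISKY` list is a small illustrative subset chosen for this example, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit `sudo -l` output for NOPASSWD rules on binaries that
# can spawn a shell. RISKY is an illustrative subset, not a complete list.
RISKY="mysql vim vi less more find awk nmap python python3 perl ruby env tar man"

# audit_sudo_l: reads `sudo -l` output on stdin and prints one finding per
# line in the form <runas>:<command path>.
audit_sudo_l() {
    awk -v risky="$RISKY" '
    BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) bad[r[i]] = 1 }
    # Rule lines look like: (root) NOPASSWD: /usr/bin/mysql, /usr/bin/id
    /^[ \t]*\(.*\).*NOPASSWD:/ {
        line = $0
        runas = line
        sub(/^[ \t]*\(/, "", runas); sub(/\).*/, "", runas)
        sub(/^.*NOPASSWD:[ \t]*/, "", line)
        # Drop any further tags such as SETENV: that precede the command.
        while (line ~ /^[A-Z_]+:[ \t]*/) sub(/^[A-Z_]+:[ \t]*/, "", line)
        m = split(line, cmds, /,[ \t]*/)
        for (j = 1; j <= m; j++) {
            split(cmds[j], words, " ")      # words[1] is the binary path
            path = words[1]
            if (path == "ALL") { print runas ":ALL"; continue }
            k = split(path, parts, "/")     # parts[k] is the basename
            if (parts[k] in bad) print runas ":" path
        }
    }'
}

# sample_sudo_l: the sudo -l output shown above, embedded so this runs offline.
sample_sudo_l() {
    cat <<'EOF'
Matching Defaults entries for goat on funbox7:
    env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin
User goat may run the following commands on funbox7:
    (root) NOPASSWD: /usr/bin/mysql
EOF
}

sample_sudo_l | audit_sudo_l
```

On a live host, run `sudo -l -U <user> | audit_sudo_l` as an administrator for each account. Any finding should be removed from sudoers or replaced with a narrowly scoped wrapper that does not expose the interactive client.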