spidey
Checking for sudo privileges of the spidey user after performing a manual enumeration on the spidersociety host.
spidey@spidersociety:/dev/shm$ sudo -l
Matching Defaults entries for spidey on spidersociety:
env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin, use_pty
User spidey may run the following commands on spidersociety:
(ALL) NOPASSWD: /bin/systemctl restart spiderbackup.service
(ALL) NOPASSWD: /bin/systemctl daemon-reload
(ALL) !/bin/bash, !/bin/sh, !/bin/su, !/usr/bin/sudoThe spidey user has sudo privileges to execute the following commands as anyone;
/bin/systemctl restart spiderbackup.service/bin/systemctl daemon-reload!/bin/bash, !/bin/sh, !/bin/su, !/usr/bin/sudo
Given that the current user, spidey, is able to write to the spiderbackup.service service, privilege escalation is achievable.