zabbix


Checking the sudo privileges of the zabbix user after the lateral movement:

zabbix@zab:/$ sudo -l
Matching Defaults entries for zabbix on zab:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin,
    use_pty
 
User zabbix may run the following commands on zab:
    (ALL : ALL) NOPASSWD: /usr/bin/rsync

The zabbix user can execute /usr/bin/rsync as any user or group without being prompted for a password.
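
The same reading of the sudo -l output as an audit check (an added example, not part of the original writeup): it parses the rule lines and flags privileged entries for binaries that can run other programs. The CAN_SPAWN watch-list and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: the `sudo -l` output shown above.
SAMPLE = r"""Matching Defaults entries for zabbix on zab:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin,
    use_pty

User zabbix may run the following commands on zab:
    (ALL : ALL) NOPASSWD: /usr/bin/rsync
"""

# Assumption: short illustrative watch-list of binaries that can run other
# programs; a real audit would use a maintained list such as GTFOBins' sudo set.
CAN_SPAWN = {"rsync", "vim", "find", "tar", "less", "awk"}

# Handles one "(runas) TAG: cmd, cmd" spec per line, as in the output above.
RULE = re.compile(r"^\s+\((?P<runas>[^)]*)\)\s*(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmds>.+)$")

def parse_rules(text):
    """Return the rule entries listed after 'may run the following commands'."""
    rules, in_rules = [], False
    for line in text.splitlines():
        if "may run the following commands" in line:
            in_rules = True
            continue
        m = RULE.match(line) if in_rules else None
        if m:
            user, _, group = (p.strip() for p in m["runas"].partition(":"))
            cmds = [c.strip() for c in re.split(r"(?<!\\),", m["cmds"]) if c.strip()]
            rules.append({
                "runas_user": user, "runas_group": group,
                "tags": re.findall(r"[A-Z_]+", m["tags"]),
                "commands": cmds,
            })
    return rules

def findings(text):
    """Flag commands that run as root/ALL and can execute other programs."""
    out = []
    for r in parse_rules(text):
        if r["runas_user"] not in ("ALL", "root"):
            continue
        for cmd in r["commands"]:
            binary = cmd.split()[0].rsplit("/", 1)[-1]
            if binary in CAN_SPAWN or cmd == "ALL":
                out.append({"command": cmd, "runas": r["runas_user"],
                            "nopasswd": "NOPASSWD" in r["tags"]})
    return out
```

Running findings() over the output of sudo -l -U for each service account gives a list of entries to replace with a narrowly scoped wrapper script or remove.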

rsync


According to GTFOBins, rsync can be leveraged for privilege escalation.