
wizarddos:

This is the darker side of this blog


Welcome and take a seat

Newest hack:
Privilege escalation - abusing sudo


Hi there - first time posting here

While managing Linux-based servers, some commands need to be run as root. However, giving full root privileges to an account might be dangerous. Why should the www-data user be able to run /bin/bash as root?

In addition, if a malicious actor gains access to a machine where sudo is in use, it gives them a new privilege escalation vector.

$ sudo -l
[sudo] password for rick:
Matching Defaults entries for rick on Hijack:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin,
    env_keep+=LD_LIBRARY_PATH

User rick may run the following commands on Hijack:
    (root) /usr/sbin/apache2 -f /etc/apache2/apache2.conf -d /etc/apache2

(it comes from a TryHackMe box called Hijack)

And that’s our focus today. As hackers, we’ll be learning new ways to elevate our privileges in a system.
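From the administrator's side, a listing like the one above can be reviewed mechanically. The following is an added example, not code from the original post: it parses `sudo -l` output and reports Defaults that keep dynamic-loader variables in the environment, and rules that hand out a shell or `ALL`. The `LOADER_VARS` pattern, the `SHELLS` set and the function names are assumptions chosen for this sketch.

```python
import re
# Constructed sample: the listing shown in the post, without the password prompt.
SAMPLE = r"""Matching Defaults entries for rick on Hijack:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin,
    env_keep+=LD_LIBRARY_PATH

User rick may run the following commands on Hijack:
    (root) /usr/sbin/apache2 -f /etc/apache2/apache2.conf -d /etc/apache2
"""

# Assumed review policy (not from the post): dynamic-loader variables and shells.
LOADER_VARS = re.compile(r"(LD_|DYLD_)\w+$")
SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}

def parse_sudo_listing(text):
    """Split `sudo -l` output into Defaults options and (runas, command) rules."""
    defaults, rules, section = [], [], None
    for line in text.splitlines():
        if line.startswith("Matching Defaults entries"):
            section = "defaults"
        elif re.match(r"User \S+ may run the following commands", line):
            section = "rules"
        elif not line.startswith((" ", "\t")):
            section = None  # prompt, blank line or unrelated text
        elif section == "defaults":
            defaults += [o.strip() for o in line.split(",") if o.strip()]
        elif section == "rules":
            m = re.match(r"\s*\(([^)]*)\)\s*(?:\w+:\s*)*(.+)", line)  # skips tags like NOPASSWD:
            if m:
                rules.append((m.group(1), m.group(2).strip()))
    return defaults, rules

def audit(text):
    """Return findings for one `sudo -l` listing, in the order they appear."""
    defaults, rules = parse_sudo_listing(text)
    findings = ["env_reset is disabled"] if "!env_reset" in defaults else []
    for opt in defaults:
        m = re.match(r"env_keep\s*\+?=\s*(.+)", opt)
        for var in (m.group(1).strip('"').split() if m else []):
            if LOADER_VARS.match(var):
                findings.append(f"env_keep preserves loader variable {var}")
    for runas, cmd in rules:
        prog = cmd.split()[0]
        if prog == "ALL" or prog.rsplit("/", 1)[-1] in SHELLS:
            findings.append(f"({runas}) {cmd}: shell or unrestricted command")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Removing the flagged `env_keep` entry from the sudoers Defaults, or scoping the rule to a wrapper that sets its own environment, clears the finding for this listing.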



What is this place?

That's a darker place in my blog - here, I'll be sharing everything regarding hacking and cybersecurity.