Privilege escalation - abusing sudo
April 25, 2024
Hi there - first time posting here
While managing Linux-based servers, some commands need to be run as root. However, giving an account full root privileges is dangerous: why should the www-data user be able to run /bin/bash as root?
In addition, if a malicious actor gets onto the machine as an account that has sudo rights, those rights hand them a new privilege escalation vector.
$ sudo -l
[sudo] password for rick:
Matching Defaults entries for rick on Hijack:
env_reset, mail_badpass,
secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin,
env_keep+=LD_LIBRARY_PATH
User rick may run the following commands on Hijack:
(root) /usr/sbin/apache2 -f /etc/apache2/apache2.conf -d /etc/apache2
(it comes from a TryHackMe box called Hijack)
And that's our focus today: as hackers, we'll be learning new ways to elevate our privileges on a system.
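Before going any further it helps to read that listing the way an attacker does. Three things stand out: the command runs as root, the binary is a dynamically linked program, and `env_keep+=LD_LIBRARY_PATH` tells sudo to preserve a variable that controls where the dynamic loader looks for shared libraries. `secure_path` only protects PATH, so it does nothing against this. The script below is an added example, not code from the original post or from TryHackMe: it parses the `sudo -l` output format shown above (the embedded sample is a constructed copy of rick's listing) and flags the usual indicators. The set of "shell-like" programs and the wording of the findings are my own choices.

```python
"""Triage `sudo -l` output for privilege-escalation indicators.

Added example, not part of the original post. The sample below is a
constructed copy of the `sudo -l` listing shown in the post.
"""
import os
import re
from collections import namedtuple

SUDO_L_OUTPUT = """\
Matching Defaults entries for rick on Hijack:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\\:/usr/local/bin\\:/usr/sbin\\:/usr/bin\\:/sbin\\:/bin\\:/snap/bin,
    env_keep+=LD_LIBRARY_PATH

User rick may run the following commands on Hijack:
    (root) /usr/sbin/apache2 -f /etc/apache2/apache2.conf -d /etc/apache2
"""

# Variables that, when sudo keeps them, let the caller steer which shared
# objects the dynamic loader maps into the privileged process.
LOADER_VARS = {"LD_PRELOAD", "LD_LIBRARY_PATH"}
# Programs that trivially give a shell or arbitrary command execution when run
# as root (illustrative subset; the full catalogue lives on GTFOBins).
SHELL_LIKE = {"bash", "sh", "dash", "zsh", "python", "python3", "perl",
              "vi", "vim", "less", "more"}

Rule = namedtuple("Rule", "runas tags command")
_RULE_RE = re.compile(r"^\((?P<runas>[^)]*)\)\s*(?P<rest>.*)$")
_TAG_RE = re.compile(r"^([A-Z]+):\s*")


def parse_sudo_l(text):
    """Return (defaults, rules) from `sudo -l` output.

    defaults: list of option strings, e.g. 'env_keep+=LD_LIBRARY_PATH'.
    rules:    list of Rule(runas, tags, command); tags are e.g. ('NOPASSWD',).
    Defaults are split on ',' which is fine for the options sudo prints here;
    quoted values containing commas would need a real tokenizer.
    """
    defaults, rules, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Matching Defaults entries"):
            section = "defaults"
            continue
        if " may run the following commands" in line:
            section = "rules"
            continue
        if section == "defaults":
            defaults.extend(p.strip() for p in line.rstrip(",").split(",") if p.strip())
        elif section == "rules":
            m = _RULE_RE.match(line)
            if not m:
                continue
            rest, tags = m.group("rest"), []
            while (t := _TAG_RE.match(rest)):       # NOPASSWD:, SETENV:, NOEXEC: ...
                tags.append(t.group(1))
                rest = rest[t.end():]
            for cmd in rest.split(", "):           # several commands per rule line
                rules.append(Rule(m.group("runas").strip(), tuple(tags), cmd.strip()))
    return defaults, rules


def kept_env_vars(defaults):
    """Variables sudo preserves from the caller's environment (env_keep / env_keep+=)."""
    kept = []
    for opt in defaults:
        if opt.startswith("env_keep"):
            _, _, value = opt.partition("=")
            kept.extend(value.strip().strip('"').split())
    return kept


def triage(text):
    """Return a list of human-readable findings for the given `sudo -l` output."""
    defaults, rules = parse_sudo_l(text)
    findings = []
    for var in kept_env_vars(defaults):
        if var in LOADER_VARS:
            findings.append(f"env_keep preserves {var}: caller influences shared-library "
                            f"lookup for every command run through sudo")
    for rule in rules:
        as_root = rule.runas.split(":")[0].strip() in ("root", "ALL")
        prog = os.path.basename(rule.command.split()[0])
        if rule.command == "ALL":
            findings.append(f"({rule.runas}) ALL: unrestricted command execution")
        elif as_root:
            findings.append(f"runs as root: {rule.command}")
        if "NOPASSWD" in rule.tags:
            findings.append(f"no password required for: {rule.command}")
        if "SETENV" in rule.tags:
            findings.append(f"SETENV lets the caller override env_reset for: {rule.command}")
        if "*" in rule.command:
            findings.append(f"wildcard in command spec: {rule.command}")
        if prog in SHELL_LIKE:
            findings.append(f"shell-like program allowed: {rule.command}")
    return findings


if __name__ == "__main__":
    for f in triage(SUDO_L_OUTPUT):
        print("[!]", f)
```

On rick's listing this reports the kept `LD_LIBRARY_PATH` and the root-run apache2 command. The defensive fix is the mirror image of the finding: drop `LD_LIBRARY_PATH` (and `LD_PRELOAD`) from `env_keep`, since `env_reset` already strips them by default and `secure_path` does not cover loader variables.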