Unix 27
This exercise is one of our challenges to help you learn more about Unix/Linux.

This challenge focuses on privilege escalation through misconfigurations of the sudo command. You will log in with the username pentesterlab and password pentesterlab, and explore how to run commands as another user, victim, using sudo. By leveraging sudo -l, you can see which commands you are authorized to run. The lab offers two primary ways to solve the challenge: reading a file containing a key directly or gaining a shell as the victim user to access the key.

For reading the file, you can specify the file's path directly on the command line or open it inside vim using the :r [PATH] command. To gain a shell as the user victim, you can start vim and type :!/bin/bash to run /bin/bash. Since vim runs as the victim user under sudo, the new shell will also run as victim, allowing you to access the key in their home directory. This lab provides a practical demonstration of how sudo misconfigurations can be exploited for privilege escalation.
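
From the defender's side, the same misconfiguration can be found by auditing sudoers rules for editors granted under sudo. The following is an added example, not part of the lab or PentesterLab's own material: the sudoers lines are constructed, the path /usr/bin/vim is an assumption, and the parser handles only simple one-line rules. It also shows that the NOEXEC tag addresses only the shell escape, not the file read.

```python
import os
import re

# Assumption: only vim and its aliases are checked, since vim is what the lab uses.
EDITORS = {"vi", "vim", "view"}
SKIP = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")
RULE = re.compile(r"^(\S+)\s+(\S+)\s*=\s*(?:\(([^)]*)\))?\s*(.+)$")
TAG = re.compile(r"^([A-Z_]+):\s*")

def audit(sudoers_text):
    """Return (lineno, user, runas, command, risks) for each editor rule."""
    findings = []
    for lineno, raw in enumerate(sudoers_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        m = RULE.match(line)
        if not m or line.startswith(SKIP):
            continue
        user, _host, runas, cmds = m.groups()
        noexec = False
        for cmd in (c.strip() for c in cmds.split(",")):
            while (t := TAG.match(cmd)):  # tags carry over to later commands
                noexec = {"NOEXEC": True, "EXEC": False}.get(t.group(1), noexec)
                cmd = cmd[t.end():]
            argv = cmd.split()
            if not argv or os.path.basename(argv[0]) not in EDITORS:
                continue
            # NOEXEC stops the editor from launching /bin/bash via :! ...
            risks = [] if noexec else ["shell-escape"]
            # ... but :r [PATH] still reads any file the run-as user can read.
            risks.append("file-read")
            findings.append((lineno, user, runas or "root", cmd, risks))
    return findings

# Constructed sample rules (not taken from the lab's real sudoers file).
SAMPLE = "\n".join([
    "Defaults env_reset",
    "pentesterlab ALL=(victim) /usr/bin/vim",
    "alice ALL=(root) NOEXEC: /usr/bin/vim /etc/motd, /bin/ls",
    "bob ALL=(ALL) sudoedit /etc/hosts",
])

if __name__ == "__main__":
    for lineno, user, runas, cmd, risks in audit(SAMPLE):
        print(f"line {lineno}: {user} -> {runas}: {cmd} [{', '.join(risks)}]")
```

The sudoedit rule is not flagged because sudoedit runs the editor as the invoking user on a temporary copy of the file, which is the usual replacement for granting an editor directly.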