Course

In this lab, you will explore privilege escalation techniques by leveraging misconfigurations in the `sudo` command. The `sudo` command allows a permitted user to execute a command as the superuser or another user, as specified by the security policy. By using `sudo -l`, you can list the commands you're authorized to run. In this specific challenge, the user `pentesterlab` is allowed to run the `less` command as the user `victim`.

There are two main methods to solve this challenge: you can either directly read the file containing the key by specifying its full path or by opening the file inside `less` using `:e [PATH]`. Alternatively, you can gain a shell as the `victim` user by starting `less` and then typing `!/bin/bash` to execute `/bin/bash`. Since `less` runs as the `victim` user due to `sudo`, the new shell will also run as the `victim` user. Once you obtain the shell, the key will be located in the home directory of the `victim` user.