Unix 31

This exercise is one of our challenges to help you learn more about Unix/Linux

PRO
Tier
Medium
< 1 Hr.
12981
Unix Badge

Course


In this challenge, you will use the username `pentesterlab` and the password `pentesterlab` to log in. The main objective is to perform privilege escalation based on `sudo` command misconfigurations. By using `sudo -l`, you can see the commands you are authorized to run. You will need to utilize `perl -e '...'` along with valid Perl code to either print the content of `/home/victim/key.txt` or spawn a shell running as the `victim` user.

The video provides an introduction to the challenge, explaining how `sudo` allows you to run commands as another user, typically root. Created in 1980 as part of Unix, `sudo` stands for "superuser do." Unlike `su`, `sudo` requires your current user password before granting additional privileges. For this specific challenge, you can run Perl as the `victim` user and use it to either read the restricted `key.txt` file or spawn a shell. The goal is to access the key in the file to complete the challenge successfully.

Want to learn more? Get started with PentesterLab Pro! GO PRO