Hyped for the last privilege escalation we need to do for a university lab about penetration testing.
Spent the whole night yesterday until 5AM to get root on a machine. After trying out a lot of stuff, the solution was to put PATH="$HOME/bin:$PATH" into the .bashrc of the user and then create a file which reads standard input and writes that into a file under $HOME/bin/sudo since the user we got access to is regularly logged into using ssh and calls sudo -S.
This took so long to find out but it's very rewarding to have finally figured it out. Had to read a lot about login shells vs non-interactive shells etc. I found the solution after I basically already gave up but wanted to try out one last thing... I was shocked when it actually worked lol
Now I am hyped for the last machine. Maybe we'll also find a solution there now. We've been stuck at the two last privilege escalations for 2 weeks now.
PATH="$HOME/bin:$PATH"into the.bashrcof the user and then create a file which reads standard input and writes that into a file under$HOME/bin/sudosince the user we got access to is regularly logged into usingsshand callssudo -S.