Unix 28

In this lab, you will explore privilege escalation techniques by leveraging misconfigurations in the sudo command. The sudo command allows a permitted user to execute a command as the superuser or another user, as specified by the security policy. By using sudo -l, you can list the commands you're authorized to run. In this specific challenge, the user pentesterlab is allowed to run the less command as the user victim.

There are two main methods to solve this challenge: you can either directly read the file containing the key by specifying its full path or by opening the file inside less using :e [PATH]. Alternatively, you can gain a shell as the victim user by starting less and then typing !/bin/bash to execute /bin/bash. Since less runs as the victim user due to sudo, the new shell will also run as the victim user. Once you obtain the shell, the key will be located in the home directory of the victim user.