Unix 33
This exercise is one of our challenges to help you learn more about Unix/Linux
This lab focuses on privilege escalation using the sudo
command, a utility that allows users to run commands as another user, often as the root user. You'll start by logging in with the credentials "pentesterlab". The main task is to identify and exploit misconfigurations in the sudo
setup. You'll use the sudo -l
command to list the commands you are authorized to run and then utilize Ruby to execute these commands with elevated privileges.
The challenge will help you become familiar with Ruby, a programming language you'll need in future challenges. By running Ruby's REPL (Read-Eval-Print Loop), you can execute system commands and perform tasks like reading files and starting shells. The goal is to access the file named key.txt
in the home directory, which will confirm your successful privilege escalation.