
I am trying to grasp some basic principles of security in Linux (I used CentOS 8.0 and Kali 2020 in the example below).

I found that, providing you have an account on a particular system that is in /etc/sudoers and its entry is ALL=(ALL), you can execute every command with sudo. Having said that, we can use less with sudo to list, say, some log file in /var/log:

sudo less /var/log/<some log file here>

Once listed, we might type !sh inside less, which will give us a root console. To the best of my knowledge, this is a post-exploitation technique known as shell escaping.

My question is: what's the point of escaping the shell, since my account already has the capability to run commands with sudo? I mean, isn't this the same? Does me receiving this root shell inside the less command give me any more privileges that I can use to further compromise a system? And if it does, can we say in /etc/sudoers that my account can execute all commands with it except less, for instance?

1 Answer


If one already has all privileges anyway, then using techniques for privilege escalation does not make much sense, except maybe for hiding what you were doing from the logs. Escaping to the shell from inside a command is usually used if one was given only limited privileges, like sudo being restricted to editing a specific file or similar.

Steffen Ullrich
  • Yeah, it makes sense. I asked since it has been presented as a post-exploit technique in a demo of a course I am going to enroll in, but even with my limited understanding of security it didn't seem useful. Thank you for your response. – lord_sommersby Sep 20 '20 at 16:45
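
An added example, not part of the original question or answer: a small Python audit that sorts sudoers rules into the cases discussed above (full root, an "everything except less" exclusion, and a restricted rule for a program with a shell escape). The user names, the sample rules and the ESCAPE_CAPABLE list are constructed for illustration, and the parser only handles simple one-line user rules (no aliases or line continuations).

```python
import re

# Programs with a built-in shell escape (illustrative subset, not exhaustive).
ESCAPE_CAPABLE = {"less", "more", "man", "vi", "vim", "view"}

# Constructed sample rules with hypothetical users; not from the original post.
SAMPLE = """\
alice   ALL=(ALL) ALL
bob     ALL=(ALL) ALL, !/usr/bin/less
carol   ALL=(root) /usr/bin/less /var/log/messages
dave    ALL=(root) NOEXEC: /usr/bin/less /var/log/messages
erin    ALL=(root) sudoedit /etc/motd
"""

# user  host = (runas) command-list
RULE = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.*)$")

def audit(text):
    """Return (user, finding) pairs for rules that deserve a second look."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = RULE.match(line)
        if not m or line.startswith(("#", "Defaults")):
            continue
        user, cmds = m.groups()
        noexec = False  # tags such as NOEXEC: carry over to later commands
        for spec in (c.strip() for c in cmds.split(",")):
            while (tag := re.match(r"([A-Z_]+):\s*", spec)):
                if tag.group(1) in ("NOEXEC", "EXEC"):
                    noexec = tag.group(1) == "NOEXEC"
                spec = spec[tag.end():]
            if not spec:
                continue
            if spec == "ALL":
                # Already unrestricted: a shell escape adds no privilege here.
                findings.append((user, "full-root"))
            elif spec.startswith("!"):
                # sudoers(5) warns that subtracting commands from ALL with
                # '!' is generally not effective as a restriction.
                findings.append((user, "ineffective-negation"))
            elif spec.split()[0].rsplit("/", 1)[-1] in ESCAPE_CAPABLE and not noexec:
                # Restricted rule, but the program itself can start a shell.
                findings.append((user, "shell-escape"))
    return findings

if __name__ == "__main__":
    for user, finding in audit(SAMPLE):
        print(f"{user}: {finding}")
```

The dave and erin rules produce no finding: NOEXEC (where sudo and the operating system support it) stops the program from executing further commands, and sudoedit edits a file without running the editor as root.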