0

I've been trying to solve a box. I got into the box by exploiting a web app and got a reverse shell, so I was www-data. I then found an SSH key that I used to log in as another user, and I ran `sudo -l`, which showed me which files I could run as root.

I'm struggling with what to do to use this to my advantage.

results from sudo -l

Asks for password when running sudo?

schroeder

1 Answer

1

Without seeing what server.py does, I would suggest performing the following checks:

Do you have write privileges on server.py?

If so, simply edit it to spawn a bash shell as mentioned by ThoriumBR.

Do you have write privileges on the Python library path?

Usually they are in /usr/lib/python*. If for some reason the directory is writable and server.py imports modules such as os, you can edit the module to include reverse shell commands.

Good luck!

fdfdfd
  • I tried running python using sudo but then it asks for the password? It says NOPASSWD for python, what the hell is going on? – Angela Hewitt Oct 24 '20 at 15:06
  • 2
    I think you should start by gaining a better understanding of how sudo works, and how the shell in general works on Linux. `man sudo` and `man sudo.conf` are a great starting point – vidarlo Oct 24 '20 at 19:01
  • 1
    `sudo -l` says you can only run the specific command as root with no password: `/usr/bin/python /home/octopus/webapp/server.py`. It didn't say you can run python as root. If there isn't much you can do with server.py, I would suggest you move on and enumerate other things. – fdfdfd Oct 24 '20 at 21:34
  • Thanks for the help @suppko helped me out lots – Angela Hewitt Oct 27 '20 at 12:16
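
The two checks in the answer (is the script writable, is the library path writable) are also what an administrator should audit before granting a NOPASSWD rule like the one quoted in the comments. The sketch below is an added example, not code from any of the posts above: it reports every file or parent directory in a sudoers command spec that a non-root account could modify. The function names and the `/usr/lib/python3` module directory are assumptions made for illustration.

```python
import os
import stat

def path_chain(path, stop_at="/"):
    """Yield the symlink-resolved path and each parent directory up to stop_at."""
    path, stop_at = os.path.realpath(path), os.path.realpath(stop_at)
    while True:
        yield path
        parent = os.path.dirname(path)
        if path == stop_at or parent == path:
            return
        path = parent

def weak_points(path, trusted_uids=(0,), stop_at="/"):
    """Return (path, reason) pairs where an untrusted user could change what runs."""
    findings = []
    for p in path_chain(path, stop_at):
        try:
            st = os.stat(p)
        except OSError:
            findings.append((p, "missing or unreadable: cannot verify who controls it"))
            continue
        if st.st_uid not in trusted_uids:
            findings.append((p, f"owned by uid {st.st_uid}"))
        # In a sticky directory (like /tmp) users cannot replace entries they do not own.
        sticky_dir = stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_ISVTX
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH) and not sticky_dir:
            findings.append((p, f"group/world-writable ({stat.filemode(st.st_mode)})"))
    return findings

def audit_sudo_command(command, extra_paths=(), **kw):
    """Audit each absolute path in a sudoers command spec, plus extra_paths
    (for example the interpreter's module directories)."""
    targets = [a for a in command.split() if a.startswith("/")] + list(extra_paths)
    return {t: weak_points(t, **kw) for t in targets}

if __name__ == "__main__":
    # Command spec as quoted in the comments; the module directory is an assumed example.
    rule = "/usr/bin/python /home/octopus/webapp/server.py"
    for target, issues in audit_sudo_command(rule, ["/usr/lib/python3"]).items():
        for p, reason in issues:
            print(f"{target}: {p} -> {reason}")
```

A rule whose script sits under a user's home directory will normally produce findings, because that user owns the parent directory and can replace the file; moving the script to a root-owned path clears them.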