I'm solving CTF challenge, and have to escalate the privilege from user1 to user2, $HOME is read-only, so i can't change
$HOME/.bashrc
.sudo -l
shows(user2) NOPASSOWRD: /usr/rbash --
i can't write any commands before or after --, it doesn't escalate.
I must get user2 privilege to read a file owned by it, any idea how to get through this?
while $HOME
is user1 home, sudo -u user2 rbash --
will cd me to my home $HOME/jail
. in a restricted shell, and PATH is set to $HOME/jail, i have tested all possible commands that i can use to escape jail, i almost left nothing, so i can tell that $HOME/jail
is empty directory!