awk Privilege Escalation

How to exploit sudoers entry awk editor command Sudo Privilege Escalation

While solving CTF challenges, for privilege escalation we always check root permissions for any user to execute any file or command by executing sudo -l command. (awk Privilege Escalation sudoers file entry )

I add a user hacker for testing and id command to check hacker user group-id and user-id and check our new user for sudo command with sudo su and see the error is user hacker is not allowed to execute /bin/bash as root

awk Privilege Escalation

Lab Setup for SUOD Right Privilege Escalation

Now open your sudoers file this command for adding our user hacker sudoers file

After opening the sudoers file I am adding user hacker for awk editor SUPERUSER command without root password run the command user hacker

awk Privilege Escalation

Again compromise the target system and then move for privilege escalation stage as done above and execute the below command to view sudo user list.

awk Privilege Escalation

we see the AWK language program or script as the root user. Therefore we obtained root access by executing AWK one-liner.

And we see awk editor is without password with superuser root access

awk Privilege Escalation

After awk command, we got a root shell check with the id command

id

Docker privilege escalation link get more privilege escalation here

Leave a Comment