If it allows you to run any text editor, not just vim, as root then you could just edit the sudoers file to give yourself the ability to run anything, right?
Yes Or just add a new root user in /etc/passwd Or just change roots password hash in /etc/shadow Or just write a new root cronjob in the crontab Or just add your public key in /root/.ssh/authorized_keys (and ofc allow root to ssh in in the ssh config file) In linux, if you can write as root it's trivial to become root :)
Certainly do not attempt this on systems you are not authorized to. This is intended to be educational and exercised in lab environments. Doing it on systems without authorization would be illegal.
Simple yet eloquent very well done great explanation thank u for everything
Thanks!! Got my first Root thanks to this on HTB
Congratulations! Glad to have helped
Man thank you so much.
Simple and quick
Wow..that's so cool
nice video mate
Thank you
those ovh clouds are really hardened. no exploit found so far.
If it allows you to run any text editor, not just vim, as root then you could just edit the sudoers file to give yourself the ability to run anything, right?
Yes
Or just add a new root user in /etc/passwd
Or just change roots password hash in /etc/shadow
Or just write a new root cronjob in the crontab
Or just add your public key in /root/.ssh/authorized_keys (and ofc allow root to ssh in in the ssh config file)
In linux, if you can write as root it's trivial to become root :)
Will you continue your priv esc series?
I do plan on it! I had to take a break from videos for a little while to get my OSCP 😁
thanks
Any suggestions if i cant list my available commands as a sudoer?...password prompted every time.
Are you able to view the /etc/sudoers file? That will show you the same results.
@@c0nd4 Yeahhh. No XD its all locked down. I've found the file thats running as sudo. First experience with GTFObins though.
@@clarb027 Awesome! Let me know if you need any help with it. Good luck using the site. It's extremely helpful.
@@c0nd4 I'll keep researching!
still asking for pass while doing: sudo -l
If that's the case, then you most likely have no sudo access and not limited sudo access. So this method probably isn't what you need.
Time to get written up at my university
Certainly do not attempt this on systems you are not authorized to. This is intended to be educational and exercised in lab environments. Doing it on systems without authorization would be illegal.