Check Sudo List

Even a regular user may sometimes be granted access to the certain commands, tools or scripts through the sudoers list. This can open up the opportunity to bump up privilege.

You can list the sudo commands and scripts that the current user has access to using the command,

sudo -l

Access to script

Say for example the above command displays a script that you have access to, then it is a simple matter of adding the line "/bin/bash -i" to the script and then executing it. Since the script is being executed as sudo, all commands under it will also be executed as sudo.

Nano access to a folder

Now if you have Nano access to a specific folder as sudo, then you can acccess other folders through that folder.

For e.g. if you had access to "/home/david" then you can access "/home/david/../../etc/sudoers" to modify the file and grant yourself more access.

haris ALL=(ALL) NOPASSWD:ALL #include or modify this line
sudo -i #Execute this command after the modification

Vi access

With sudo access to Vi, its even easier to bump up the privilege by simply executing one of the following two commands,

Open a file to edit using the command,

sudo vi bumpup.sh

Then switch to command mode and execute the command ":!bash"

Alternatively, you can also bump up by simply executing the command,

sudo vi -c '!bash'`