I am really confused, I got the root user, but the flag of ****.txt does not recognize it, is there anything else to do?
I am got file flag *.txt but it is not correct answer, anyone has sugges for first question in this module
its asking for password.
can you give link of docker image that you installed.
Can you please explain the command you have written above?
sudo -u#-1 /u**/bin/ncdu /home/htb-student/
Because as far as I know # symbol means comment in bash or sh shell. what is the meaning of -u#-1 ? And why we did write /u**/bin/ncdu instead of /usr/bin/ncdu?
I cannot find any reference on the internet what does #-1 means in bash shell
Hello 0xMemo
The command “sudo -u” allows you to switch users, but “#-1” refers to the user with UID -1. In Linux, this value is interpreted as 0, which is the UID for the root user. The “#” symbol indicates that the value following it is a UID, not a username.
UID —> User Identifier
I hope this information is helpful to you.
3 Likes
It’s a good exercise as it combines two vulnerabilities. One in sudo, the CVE-2019-14287, and another you can find in GTFOBins.
Always have a look for those GTFOBins when you see some in sudo -l