Linux priv esc Environment Enumeration help please

It’s a very great exercise. There are two ways to solve 1. brute forcing; use grep and 2. Artist way; use the other user.
PrivEsc does not always means going directly to the ROOT! Taking over some other user account is also a PrivEsc!

can u help me with the command,iam trying this from 1hr and seems like the content in this module isnt helping

Exactly. there is that hidden file, modified in 2023 but I don’t know how to open it. Were you able to open it?

A couple things that could help:

  1. sudo -l (L small letter)
  2. GTFOBins.github.io

Look for accounts on the victim machine with files with NOPASS access for sudo.

You can use these files to escalate privilege in various ways.

The only file I can use from sudo with htb-student is ncdu, nothing useful.

On GTFO there are vulnerabilities for ncdu, but when I run it as sudo it doesn’t give me permission to run it. it’s strange

When I use sudo -l it prints me :
(ALL, !root) /bin/ncdu

Just this, could you give me a hand?

Remember you can use sudo to run as a different user.

Once you’ve done that explore the files that are available on the other user’s desktop and look at the files mentioned.

Try to start by analyzing the contents of users’ home directories, as they often contain sensitive data. Pay attention to files that may contain passwords, keys, configuration files or other sensitive information. These can be files like .bash_history, .ssh, .gnupg, .aws, .mysql_history, .viminfo and others. Also pay attention to the contents of the /etc and /var directories, where configuration files and system logs may be stored. Additionally, check for hidden files and directories using the ls -a command.