I’ve read the writeup now as I wanted to progress, but the way this box is designed is less than ideal.
If you use Pwnbox to attack the target, and if things don’t work out remotely, I assume people will normally check what a given command does on the machine they run the attack from, but on the Pwnbox sudo doesn’t require password authentication, so users are led to believe the target system might work in a similar fashion, but in this case apparently it doesn’t. Also, on the target you can’t just check the sudoers setup due to a lack of authorizations. For a box that’s aimed at beginners I would think this is a very poor experience. Just my 0,02€.
For some reason sudo -l will not work in sqlmap --os-shell. I was able to “guess” the program which is being asked in the next question – vi – but I don’t seem to be able to run sudo at all. I’d try something else but the hint explicitly suggests to run sudo -l which makes me wonder whether this box is working as intended.
I don’t want to have to read the writeup unless I really have to. Any pointers appreciated.
PS I’m running sqlmap --os-shell -r request.txt with request.txt off Burp. Mind you, I can execute commands, just sudo won’t work.
PS2 --parse-errors doesn’t really help all that much, “[WARNING] parsed DBMS error message: ‘program “sudo -l” failed’”
PS3 request.txt
GET /dashboard.php?search=ZEUS HTTP/1.1
Host: 10.129.163.125
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Referer: http://10.129.163.125/dashboard.php
Cookie: PHPSESSID=15o2sepdcqhuvp8l3hoov8e6em
Upgrade-Insecure-Requests: 1
Sec-GPC: 1