PT0-002 Question #457: Real Exam Question with Answer & Explanation

The correct answer is C: Executing the command sudo vi -c '!bash'.

Post-exploitation and lateral movement

Question

After obtaining a reverse shell connection, a penetration tester runs the following command: Which of the following is the fastest way to escalate privileges on this server?

Options

  • A. Editing the file /etc/passwd to add a new user with uid 0
  • B. Creating a Bash script, saving it on the /tmp folder, and then running it
  • C. Executing the command sudo vi -c '!bash'
  • D. Editing the file /etc/sudoers to allow any command

Explanation

When the penetration tester has NOPASSWD privileges to run vi as root, the quickest way to escalate privileges is to use vi to execute a shell. The command sudo vi -c ':!bash' opens vi as the root user and immediately runs the :!bash command, which spawns a Bash shell with root privileges. This method is fast and effective because vi (or vim) can run shell commands, and any command it launches inherits the privileges vi was started with.
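A defensive counterpart to the explanation above, as an added example that is not part of the original page: a small Python audit that flags sudoers entries granting passwordless root access to programs that can start a shell from inside themselves, as vi does. It generalises beyond vi to a few other editors and pagers; the binary list, the sample sudoers lines and the function name are assumptions made for illustration, and aliases and included files are not expanded.

```python
import os
import re

# Assumption: illustrative, non-exhaustive set of programs that can start a
# shell from inside their own interface (as vi does with :!bash).
SHELL_ESCAPE_BINARIES = {"vi", "vim", "view", "less", "more", "man"}

# Constructed sample sudoers content (not taken from the exam question).
SAMPLE_SUDOERS = """\
# constructed sample
Defaults env_reset
webadmin ALL=(root) NOPASSWD: /usr/bin/vi
backup   ALL=(root) NOPASSWD: /usr/bin/rsync, /usr/bin/less /var/log/syslog
editor   ALL=(root) NOPASSWD: NOEXEC: /usr/bin/vim /etc/motd
deploy   ALL=(root) NOPASSWD: sudoedit /etc/nginx/nginx.conf
ops      ALL=(ALL) /usr/bin/vi
"""

TAG_RE = re.compile(r"^([A-Z_]+):\s*")
SKIP_RE = re.compile(r"^(#|Defaults|\w+_Alias\b)")

def audit_sudoers(text):
    """Return (line_no, user, binary) for passwordless shell-escape-capable commands."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or SKIP_RE.match(line) or "=" not in line:
            continue
        who, spec = line.split("=", 1)
        spec = re.sub(r"^\s*\([^)]*\)\s*", "", spec)  # drop the (runas) list
        nopasswd = noexec = False
        for cmd in spec.split(","):
            cmd = cmd.strip()
            # Tags apply to this command and are inherited by later ones.
            while (m := TAG_RE.match(cmd)):
                tag = m.group(1)
                if tag in ("NOPASSWD", "PASSWD"):
                    nopasswd = tag == "NOPASSWD"
                elif tag in ("NOEXEC", "EXEC"):
                    noexec = tag == "NOEXEC"
                cmd = cmd[m.end():]
            if not cmd:
                continue
            binary = os.path.basename(cmd.split()[0])
            if nopasswd and not noexec and binary in SHELL_ESCAPE_BINARIES:
                findings.append((lineno, who.split()[0], binary))
    return findings

if __name__ == "__main__":
    for lineno, user, binary in audit_sudoers(SAMPLE_SUDOERS):
        print(f"line {lineno}: {user} may run {binary} as root without a password")
```

Flagged entries can usually be replaced with sudoedit for a specific file, or restricted with the NOEXEC tag, which is why the audit does not report those two sample lines.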

Topics

#Privilege Escalation #Sudo Vulnerabilities #Linux Exploitation #Post-exploitation
