A few weeks ago, we posted a security challenge in our article - “How I got root with Sudo”. This post generated much discussion on social media and was focused around how to escalate privileges on real world examples of insecure configurations of Sudo.
Now that everyone’s had the time to have a go, we are ready to put some people out of their misery and publish the answers!
As we mentioned, there was more than one way to solve the challenge and at Securus, we came up with at least two ways to get a root shell; an “easy” way and an “intrusive” way. Numerous people responded with varying solutions, but overall all submissions fell into either categories.
Congrats to the 3 people found the intrusive way and the 15 who managed to find the easy way.
Read more: https://www.securusglobal.com/community/2014/05/14/solutions-to-the-sudo-challenge/