Sudo (NOPASSWD) service - Privilege Escalation
If you ever get to run “service” command with root privileges, you can escape from restricted shell to root.
In this example /etc/sudoers has allowed an user to run this program as root without password need.
1. sudo -l
2. Now that we know the command can be run without password need
- sudo service ../../../bin/bash