https://www.vulnhub.com/entry/hacksudo-1,650/
Simple walkthrough.
Scan ports.
Scan port 80, check each file's source code, but nothing useful.
Port 8080 is tomcat, with default creds. Use msfconsole to get reverse shell.
Now we are user tomcat.
Upload pspy64, notice that user "hacksudo" runs /home/hacksudo/getmanager, which in turn calls /home/vishal/office/manage.sh.
We can not modity manage.sh directly, but we have write permissions for /home/vishal/office folder.
Del manage.sh, write reverse shell code into a new manage.sh.
Chmod 777 to manage.sh, in order to give hacksudo permission to run.
After a while, we are user hacksudo.
Sudo -l.
Use scp to get shell.
BOOM!
