Tags: ssh sudo 

Rating:

#### Short Story
- Please have a look at [https://ctftime.org/writeup/26877](https://ctftime.org/writeup/26877) for Hermit - Part 1 exploit.
- Now can have at look at sudoers file using `cat /etc/sudoers`
- There we will find a special command `sudo /bin/gzip -f /root/rootflag.txt -t` intentionally created to see the flag file under `/root` by unprevilaged user `hermit`.

### Bonus
##### Get full SSH access to the server as `hermit`?

Please have a look at [https://www.youtube.com/watch?v=ANqQd7et2Yg](https://www.youtube.com/watch?v=ANqQd7et2Yg) (~ 3 mins video length).

Original writeup (https://www.youtube.com/watch?v=ANqQd7et2Yg).