In this video walk-through, we covered Linux Privilege Escalation through navigating through configuration and history files. This was part of Linux PrivEsc Room.
If a user accidentally types their password on the command line instead of into a password prompt, it may get recorded in a history file.
Config files often contain passwords in plaintext or other reversible formats.
What is the full mysql command the user executed?
What file did you find the root user’s credentials in?