📓
Pentesting
  • Writeups
  • HackTheBox
    • Easy Machines
      • Beep Writeup
      • Shocker Writeup
      • Lame Writeup
      • Jerry Writeup
      • Legacy Writeup
      • Blue Writeup
  • TryHackMe
    • Walkthroughs: Easy
      • CC: Steganography
      • Cryptography for Dummies
      • Cross-site Scripting
      • SQL Injection Lab
      • SQL Injection
      • ZTH: Web 2
      • SSRF
      • XXE
      • Authenticate
      • Injection
      • Blaster
      • The Cod Caper
      • Hardening Basics Part 1
      • What the Shell?
      • Game Zone
      • Upload Vulnerabilities
      • Bolt
      • Erit Securus 1
      • CC: Pentesting
      • JavaScript Basics
      • OverPass 2 - Hacked
      • Linux: Local Enumeration
      • Ice
      • Linux Backdoors
      • Avengers Blog
      • DNS in Detail
      • Putting it all together
      • Kenobi
      • Common Linux Privesc
      • Network Services 2
      • Network Services
      • The Hacker Methodology
      • The Find command
      • HTTP in Detail
      • Web Fundamentals
      • How Websites Work
      • Introductory Networking
    • Challenges (CTF): Easy
      • VulNet: Roasted
      • VulNet: Internal
      • Git Happens
      • Kiba
      • VulNet: Node
      • Memory Forensics
      • Smag Grotto
      • Investigating Windows
      • Cat Pictures
      • Juicy Details
      • Anthem
      • Tony The Tiger
      • Jack-of-All-Trades
      • JPGChat
      • Blueprint
      • All in One
      • Gotta Catch'em All
      • Mustacchio
      • Break Out The Cage
      • HeartBleed
      • Poster
      • Madness
      • Source
      • Thompson
      • Library
      • Magician
      • Anonforce
      • Dav
      • GLITCH
      • Fowsniff CTF
      • Team
      • H4cked
      • Easy Peasy
      • ColddBox: Easy
      • Archangel
      • Cyborg
      • Chocolate Factory
      • Brute It
      • Year of the Rabbit
      • ChillHack
      • Gaming Server
      • Brooklyn Nine Nine
      • Wgel CTF
      • Tomghost
      • ToolsRus
      • Skynet
      • Startup
      • Agent Sudo
      • Lian-Yu
      • OhSINT
      • Overpass
      • Crack The Hash
      • Ignite
      • Inclusion
      • Bounty Hunter
      • LazyAdmin
      • RootMe
      • Pickle Rick
      • Basic Pentesting
      • Simple CTF
  • Crackmes.one
    • 1 Difficulty Rating
      • easyAF
      • Easy Keyg3nme
Powered by GitBook
On this page
  • Understanding Privilege Escalation
  • Direction of Privilege Escalation
  • Enumeration
  • Abusing SUID/GUID Files
  • Exploiting Writeable /etc/passwd
  • Escaping Vi Editor
  • Exploiting Crontab
  • Exploiting PATH variable

Was this helpful?

  1. TryHackMe
  2. Walkthroughs: Easy

Common Linux Privesc

PreviousKenobiNextNetwork Services 2

Last updated 3 years ago

Was this helpful?

Understanding Privilege Escalation

Direction of Privilege Escalation

Enumeration

Lets login as user3 as they have told us.

The hostname is polobox

Lets look at the /etc/passwd file

Lets look at how many shells there are on the machine

Lets look at the cronjobs

The critical file that had its permissions changed is /etc/passwd

Abusing SUID/GUID Files

Lets look for SUID files.

Lets run the file

Exploiting Writeable /etc/passwd

First lets switch users and create the hashed password

Now lets edit the file and add the password

Lets save the file and then login.

Escaping Vi Editor

Lets follow the steps

Exploiting Crontab

Lets follow the steps

First we create the msfvenom payload on our machine

Now lets find where the autoscript.sh file is located

Lets echo the shell into the file and start a netcat listener

After a while you should get a reverse shell

Exploiting PATH variable

Lets follow the steps