🛗 Linux PrivEsc Arena [WIP]

Students will learn how to escalate privileges using a very vulnerable Linux VM. SSH is open. Your credentials are TCM:Hacker123

https://tryhackme.com/room/linuxprivescarena

Room Attributes: Value
Subscription Required: False [Free]
Type: Walkthroughs
Difficulty: Medium
Tags: Security, Linux, PrivEsc

Task 1 [Optional] Connecting to the TryHackMe network

Read the above.

No answer needed

Task 2 Deploy the vulnerable machine

Deploy the machine and log into the user account via SSH (or use the browser-based terminal).

No answer needed

Task 3 Privilege Escalation - Kernel Exploits

Click 'Completed' once you have successfully elevated the machine

No answer needed

Task 4 Privilege Escalation - Stored Passwords (Config Files)

What password did you find?

🚩???

What user's credentials were exposed in the OpenVPN auth file?

🚩???

Task 5 Privilege Escalation - Stored Passwords (History)

What was TCM trying to log into?

🚩???

Who was TCM trying to log in as?

🚩???

Naughty naughty. What was the password discovered?

🚩???

Task 6 Privilege Escalation - Weak File Permissions

What were the file permissions on the /etc/shadow file?

🚩???

Task 7 Privilege Escalation - SSH Keys

What's the full file path of the sensitive file you discovered?

🚩???

Task 8 Privilege Escalation - Sudo (Shell Escaping)

Click 'Completed' once you have successfully elevated the machine

No answer needed

Task 9 Privilege Escalation - Sudo (Abusing Intended Functionality)

Click 'Completed' once you have successfully elevated the machine

No answer needed

Task 10 Privilege Escalation - Sudo (LD_PRELOAD)

Click 'Completed' once you have successfully elevated the machine

No answer needed

Task 11 Privilege Escalation - SUID (Shared Object Injection)

Click 'Completed' once you have successfully elevated the machine

🚩???

What CVE is being exploited in this task?

🚩???

What binary is SUID enabled and assists in the attack?

🚩???

Task 13 Privilege Escalation - SUID (Environment Variables #1)

What is the last line of the "strings /usr/local/bin/suid-env" output?

🚩???

Task 14 Privilege Escalation - SUID (Environment Variables #2)

What is the last line of the "strings /usr/local/bin/suid-env2" output?

🚩???

Task 15 Privilege Escalation - Capabilities

Click 'Completed' once you have successfully elevated the machine

No answer needed

Task 16 Privilege Escalation - Cron (Path)

Click 'Completed' once you have successfully elevated the machine

No answer needed

Task 17 Privilege Escalation - Cron (Wildcards)

Click 'Completed' once you have successfully elevated the machine

No answer needed

Task 18 Privilege Escalation - Cron (File Overwrite)

Click 'Completed' once you have successfully elevated the machine

No answer needed

Task 19 Privilege Escalation - NFS Root Squashing

Click 'Completed' once you have successfully elevated the machine

No answer needed
