đŸš©
THM Walkthroughs
  • THM Walkthroughs
    • đŸ§‘â€đŸ«Tutorial
  • 🟩Difficulty: Info
    • 🔌What is Networking?
    • 🔌Intro to LAN
    • 🐧Linux Fundamentals
      • 🐧Linux Fundamentals Part 1
        • Task 2 - A Bit of Background on Linux
        • Task 4 - Running Your First few Commands
        • Task 5 - Interacting With the Filesystem!
        • Task 6 - Searching for Files
        • Task 7 - An Introduction to Shell Operators
      • 🐧Linux Fundamentals Part 2
        • Task 3 - Introduction to Flags and Switches
        • Task 4 - Filesystem Interaction Continued
        • Task 5 - Permissions 101
        • Task 6 - Common Directories
      • 🐧Linux Fundamentals Part 3
        • Task 3 - Terminal Text Editors
        • Task 4 - General/Useful Utilities
        • Task 5 - Processes 101
        • Task 6 - Maintaining Your System: Automation
        • Task 8 - Maintaining Your System: Logs
    • đŸȘŸWindows Fundamentals
      • đŸȘŸWindows Fundamentals 1
      • đŸȘŸWindows Fundamentals 2
      • đŸȘŸWindows Fundamentals 3
    • 🔓Principles of Security
    • 🐍Python Basics
    • 🔍History of Malware
    • đŸŠčCommon Attacks
    • đŸ–„ïžSecurity Awareness
    • ⚔Intro to Offensive Security
    • đŸŠčPentesting Fundamentals
    • 🔓CVE Walkthroughs
      • đŸ–„ïžSudo Security Bypass: CVE-2019-14287
      • đŸ–„ïžSudo Buffer Overflow: CVE-2019-18634
      • đŸ–„ïžBaron Samedit: CVE-2021-3156
      • đŸ–„ïžOverlayFS: CVE-2021-3493
      • đŸ–„ïžPolkit: CVE-2021-3560
      • đŸ–„ïžPwnkit: CVE-2021-4034
      • đŸȘ¶Apache HTTP Server Path Traversal: CVE-2021-41773/42013
      • đŸ§»Dirty Pipe: CVE-2022-0847
      • 🟱Spring4Shell: CVE-2022-22965
    • 🟧Burp Suite
      • 🟧Burp Suite: The Basics
      • 🟧Burp Suite: Repeater
    • 🏁Challenges
      • ‎Bypass Disable Functions
    • đŸŽŸïžTHM PROMOs
      • đŸŽŸïžLearn and win prizes [PROMO ENDED]
      • đŸŽŸïžLearn and win prizes #2 [PROMO ENDED]
  • đŸŸ©Difficulty: Easy
    • 🚀Learning Cyber Security
    • 🔁The Hacker Methodology
    • 🔍Google Dorking
      • Task 2 - Let's Learn About Crawlers
      • Task 4 - Beepboop - Robots.txt
      • Task 5 - Sitemaps
      • Task 6 - What is Google Dorking?
    • 🐝OWASP Top 10
      • Task 5 - Command Injection Practical
      • Task 7 - Broken Authentication Practical
      • Task 11 - Sensitive Data Exposure (Challenge)
      • Task 13 - XML External Entity - eXtensible Markup Language
      • Task 14 - XML External Entity - DTD
      • Task 16 - XML External Entity - Exploiting
      • Task 18 - Broken Access Control (IDOR Challenge)
      • Task 19 - Security Misconfiguration
      • Task 20 - Cross-site Scripting
      • Task 21 - Insecure Deserialization
      • Task 24 - Insecure Deserialization - Cookies
      • Task 25 - Insecure Deserialization - Cookies Practical
      • Task 30 - Insufficient Logging and Monitoring
    • 📡Nmap
      • Task 2 - Introduction
      • Task 3 - Nmap Switches
      • Task 5 - TCP Connect Scans
      • Task 6 - Scan Types SYN Scans
      • Task 7 - UDP Scans
      • Task 8 - NULL, FIN and Xmas
      • Task 9 - ICMP Network Scanning
      • Task 10 - NSE Scripts Overview
      • Task 11 - Working with the NSE
      • Task 12 - Searching for Scripts
      • Task 13 - Firewall Evasion
      • Task 14 - Practical
    • 📡RustScan
      • Task 2 - Installing RustScan
      • Task 5 - Extensible
      • Task 7 - Scanning Time!
      • Task 8 - RustScan Quiz
    • 🐙Crack the hash
    • 🌍OhSINT
    • 🧑‍🚀Vulnversity
    • 🧊Ice
    • đŸȘŸBlue
    • 🎄Advent of Cyber 4 (2022)
  • 🟹Difficulty: Medium
    • đŸȘŸAttacktive Directory
      • Task 3 - Welcome to Attacktive Directory
      • Task 4 - Enumerating Users via Kerberos
      • Task 5 - Abusing Kerberos
      • Task 6 - Back to the Basics
      • Task 7 - Elevating Privileges within the Domain
      • Task 8 - Flag Submission Panel
    • 💀Mr Robot CTF
    • 🛗Linux PrivEsc
    • 🛗Linux PrivEsc Arena [WIP]
    • 🛗Windows PrivEsc Arena
  • 🟧Difficulty: Hard
    • 🐘Hacking Hadoop [WIP]
  • đŸŸ„Difficulty: Insane
    • â›șYou're in a cave [WIP]
  • Blank Room (Duplicate Me)
Powered by GitBook
On this page
  • Task 1 [Optional] Connecting to the TryHackMe network
  • Read the above.
  • Task 2 Deploy the vulnerable machine
  • Deploy the machine and log into the user account via SSH (or use the browser-based terminal).
  • Task 3 Privilege Escalation - Kernel Exploits
  • Click 'Completed' once you have successfully elevated the machine
  • Task 4 Privilege Escalation - Stored Passwords (Config Files)
  • What password did you find?
  • What user's credentials were exposed in the OpenVPN auth file?
  • Task 5 Privilege Escalation - Stored Passwords (History)
  • What was TCM trying to log into?
  • Who was TCM trying to log in as?
  • Naughty naughty. What was the password discovered?
  • Task 6 Privilege Escalation - Weak File Permissions
  • What were the file permissions on the /etc/shadow file?
  • Task 7 Privilege Escalation - SSH Keys
  • What's the full file path of the sensitive file you discovered?
  • Task 8 Privilege Escalation - Sudo (Shell Escaping)
  • Click 'Completed' once you have successfully elevated the machine
  • Task 9 Privilege Escalation - Sudo (Abusing Intended Functionality)
  • Click 'Completed' once you have successfully elevated the machine
  • Task 10 Privilege Escalation - Sudo (LD_PRELOAD)
  • Click 'Completed' once you have successfully elevated the machine
  • Task 11 Privilege Escalation - SUID (Shared Object Injection)
  • Click 'Completed' once you have successfully elevated the machine
  • Task 12 Privilege Escalation - SUID (Symlinks)
  • What CVE is being exploited in this task?
  • What binary is SUID enabled and assists in the attack?
  • Task 13 Privilege Escalation - SUID (Environment Variables #1)
  • What is the last line of the "strings /usr/local/bin/suid-env" output?
  • Task 14 Privilege Escalation - SUID (Environment Variables #2)
  • What is the last line of the "strings /usr/local/bin/suid-env2" output?
  • Task 15 Privilege Escalation - Capabilities
  • Click 'Completed' once you have successfully elevated the machine
  • Task 16 Privilege Escalation - Cron (Path)
  • Click 'Completed' once you have successfully elevated the machine
  • Task 17 Privilege Escalation - Cron (Wildcards)
  • Click 'Completed' once you have successfully elevated the machine
  • Task 18 Privilege Escalation - Cron (File Overwrite)
  • Click 'Completed' once you have successfully elevated the machine
  • Task 19 Privilege Escalation - NFS Root Squashing
  • Click 'Completed' once you have successfully elevated the machine
  1. Difficulty: Medium

Linux PrivEsc Arena [WIP]

Students will learn how to escalate privileges using a very vulnerable Linux VM. SSH is open. Your credentials are TCM:Hacker123

PreviousLinux PrivEscNextWindows PrivEsc Arena

Last updated 2 years ago

Room Attributes
Value

Subscription Required

False [Free]

Type

Walkthroughs

Difficulty

Medium

Tags

Security, Linux, PrivEsc

Task 1 [Optional] Connecting to the TryHackMe network

Read the above.

No answer needed

Task 2 Deploy the vulnerable machine

Deploy the machine and log into the user account via SSH (or use the browser-based terminal).

No answer needed

Task 3 Privilege Escalation - Kernel Exploits

Click 'Completed' once you have successfully elevated the machine

No answer needed

Task 4 Privilege Escalation - Stored Passwords (Config Files)

What password did you find?

What user's credentials were exposed in the OpenVPN auth file?

Task 5 Privilege Escalation - Stored Passwords (History)

What was TCM trying to log into?

Who was TCM trying to log in as?

Naughty naughty. What was the password discovered?

Task 6 Privilege Escalation - Weak File Permissions

What were the file permissions on the /etc/shadow file?

Task 7 Privilege Escalation - SSH Keys

What's the full file path of the sensitive file you discovered?

Task 8 Privilege Escalation - Sudo (Shell Escaping)

Click 'Completed' once you have successfully elevated the machine

No answer needed

Task 9 Privilege Escalation - Sudo (Abusing Intended Functionality)

Click 'Completed' once you have successfully elevated the machine

No answer needed

Task 10 Privilege Escalation - Sudo (LD_PRELOAD)

Click 'Completed' once you have successfully elevated the machine

No answer needed

Task 11 Privilege Escalation - SUID (Shared Object Injection)

Click 'Completed' once you have successfully elevated the machine

Task 12 Privilege Escalation - SUID (Symlinks)

What CVE is being exploited in this task?

What binary is SUID enabled and assists in the attack?

Task 13 Privilege Escalation - SUID (Environment Variables #1)

What is the last line of the "strings /usr/local/bin/suid-env" output?

Task 14 Privilege Escalation - SUID (Environment Variables #2)

What is the last line of the "strings /usr/local/bin/suid-env2" output?

Task 15 Privilege Escalation - Capabilities

Click 'Completed' once you have successfully elevated the machine

No answer needed

Task 16 Privilege Escalation - Cron (Path)

Click 'Completed' once you have successfully elevated the machine

No answer needed

Task 17 Privilege Escalation - Cron (Wildcards)

Click 'Completed' once you have successfully elevated the machine

No answer needed

Task 18 Privilege Escalation - Cron (File Overwrite)

Click 'Completed' once you have successfully elevated the machine

No answer needed

Task 19 Privilege Escalation - NFS Root Squashing

Click 'Completed' once you have successfully elevated the machine

No answer needed

Reveal Flag
Reveal Flag
Reveal Flag
Reveal Flag
Reveal Flag
Reveal Flag
Reveal Flag
Reveal Flag
Reveal Flag
Reveal Flag
Reveal Flag
Reveal Flag

???

???

???

???

???

???

???

???

???

???

???

???

🟹
🛗
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
TryHackMe | Linux PrivEsc ArenaTryHackMe
https://tryhackme.com/room/linuxprivescarena
Logo