🛗Linux PrivEsc Arena [WIP]

Students will learn how to escalate privileges using a very vulnerable Linux VM. SSH is open. Your credentials are TCM:Hacker123

https://tryhackme.com/room/linuxprivescarena

Room Attributes

Subscription Required: False [Free]
Type: Walkthroughs
Difficulty: Medium
Tags: Security, Linux, PrivEsc

Task 1 [Optional] Connecting to the TryHackMe network

Read the above.

Task 2 Deploy the vulnerable machine

Deploy the machine and log into the user account via SSH (or use the browser-based terminal).

Task 3 Privilege Escalation - Kernel Exploits

Click 'Completed' once you have successfully elevated the machine

Task 4 Privilege Escalation - Stored Passwords (Config Files)

What password did you find?

🚩???

What user's credentials were exposed in the OpenVPN auth file?

🚩???

Task 5 Privilege Escalation - Stored Passwords (History)

What was TCM trying to log into?

🚩???

Who was TCM trying to log in as?

🚩???

Naughty naughty. What was the password discovered?

🚩???

Task 6 Privilege Escalation - Weak File Permissions

What were the file permissions on the /etc/shadow file?

🚩???

Task 7 Privilege Escalation - SSH Keys

What's the full file path of the sensitive file you discovered?

🚩???

Task 8 Privilege Escalation - Sudo (Shell Escaping)

Click 'Completed' once you have successfully elevated the machine

Task 9 Privilege Escalation - Sudo (Abusing Intended Functionality)

Click 'Completed' once you have successfully elevated the machine

Task 10 Privilege Escalation - Sudo (LD_PRELOAD)

Click 'Completed' once you have successfully elevated the machine

Task 11 Privilege Escalation - SUID (Shared Object Injection)

Click 'Completed' once you have successfully elevated the machine

🚩???

What CVE is being exploited in this task?

🚩???

What binary is SUID enabled and assists in the attack?

🚩???

Task 13 Privilege Escalation - SUID (Environment Variables #1)

What is the last line of the "strings /usr/local/bin/suid-env" output?

🚩???

Task 14 Privilege Escalation - SUID (Environment Variables #2)

What is the last line of the "strings /usr/local/bin/suid-env2" output?

🚩???

Task 15 Privilege Escalation - Capabilities

Click 'Completed' once you have successfully elevated the machine

Task 16 Privilege Escalation - Cron (Path)

Click 'Completed' once you have successfully elevated the machine

Task 17 Privilege Escalation - Cron (Wildcards)

Click 'Completed' once you have successfully elevated the machine

Task 18 Privilege Escalation - Cron (File Overwrite)

Click 'Completed' once you have successfully elevated the machine

Task 19 Privilege Escalation - NFS Root Squashing

Click 'Completed' once you have successfully elevated the machine