THM Walkthroughs

🛗Linux PrivEsc Arena [WIP]

Students will learn how to escalate privileges using a very vulnerable Linux VM. SSH is open. Your credentials are TCM:Hacker123

PreviousLinux PrivEsc NextWindows PrivEsc Arena

Last updated 2 years ago

Room Attributes

Value

Task 1 [Optional] Connecting to the TryHackMe network

Read the above.

No answer needed

Task 2 Deploy the vulnerable machine

Deploy the machine and log into the user account via SSH (or use the browser-based terminal).

No answer needed

Task 3 Privilege Escalation - Kernel Exploits

Click 'Completed' once you have successfully elevated the machine

No answer needed

Task 4 Privilege Escalation - Stored Passwords (Config Files)

What password did you find?

What user's credentials were exposed in the OpenVPN auth file?

Task 5 Privilege Escalation - Stored Passwords (History)

What was TCM trying to log into?

Who was TCM trying to log in as?

Naughty naughty. What was the password discovered?

Task 6 Privilege Escalation - Weak File Permissions

What were the file permissions on the /etc/shadow file?

Task 7 Privilege Escalation - SSH Keys

What's the full file path of the sensitive file you discovered?

Task 8 Privilege Escalation - Sudo (Shell Escaping)

Click 'Completed' once you have successfully elevated the machine

No answer needed

Task 9 Privilege Escalation - Sudo (Abusing Intended Functionality)

Click 'Completed' once you have successfully elevated the machine

No answer needed

Task 10 Privilege Escalation - Sudo (LD_PRELOAD)

Click 'Completed' once you have successfully elevated the machine

No answer needed

Task 11 Privilege Escalation - SUID (Shared Object Injection)

Click 'Completed' once you have successfully elevated the machine

Task 12 Privilege Escalation - SUID (Symlinks)

What CVE is being exploited in this task?

What binary is SUID enabled and assists in the attack?

Task 13 Privilege Escalation - SUID (Environment Variables #1)

What is the last line of the "`strings /usr/local/bin/suid-env`" output?

Task 14 Privilege Escalation - SUID (Environment Variables #2)

What is the last line of the "`strings /usr/local/bin/suid-env2`" output?

Task 15 Privilege Escalation - Capabilities

Click 'Completed' once you have successfully elevated the machine

No answer needed

Task 16 Privilege Escalation - Cron (Path)

Click 'Completed' once you have successfully elevated the machine

No answer needed

Task 17 Privilege Escalation - Cron (Wildcards)

Click 'Completed' once you have successfully elevated the machine

No answer needed

Task 18 Privilege Escalation - Cron (File Overwrite)

Click 'Completed' once you have successfully elevated the machine

No answer needed

Task 19 Privilege Escalation - NFS Root Squashing

Click 'Completed' once you have successfully elevated the machine

No answer needed