TryHackMe - Linux Privilege Escalation: Kernel Exploits

TryHackMe - Linux Privilege Escalation: Kernel Exploits

This article discusses the solution for TryHackMe's Linux Privilege Escalation Kernel Exploits tasks so proceed with caution.

I would suggest that you try to solve it on your own as you will learn a lot in the process of attempting. Try to give it your all until you feel that you are really hopelessly stuck.

Privilege Escalation Kernel Exploits Solution


  • Kernel manages communication between components.

  • Kernel exploit usually leads to root privileges

  • Steps:

  • Be careful as exploit may lead to irreversible damage. Check the scope of the project.

What is the content of the flag1.txt file?

  1. Identify kernel version by executing the following command:

     uname -r

Screenshot 2024-02-11 at 9 15 14 PM

  1. We have determined that the kernel version is 3.13.0-24-generic. Now let's search the net for exploit we can use. We have found an exploit in Exploit DB

  2. Let's find folders which our current user has permission to write to:

find / -writable -type d 2>/dev/null


find / -perm -222 -type d 2>/dev/null


find / -perm -o w -type d 2>/dev/null
  1. Let's cd /tmp as our current user has permission to write in that folder.

Screenshot 2024-02-11 at 9 53 49 PM

  1. Let' create a exploit file nano exploit.c and paste the code we found in Exploit DB.

  2. Run the following commands to spawn a root terminal:

gcc exploit.c -o exploit

Screenshot 2024-02-11 at 10 16 33 PM

  1. Now to get the flag1.txt file.
cat /home/matt/flag1.txt

Answer: THM-28392872729920

Until next time. Keep learning.

Stay stoked and code. :)

I hope you can voluntarily Buy Me A Coffee if you found this article useful and give additional support for me to continue sharing more content for the community. :)

Thank you very much. :)