Series of CTF machines Walkthrough #6 Linux Privilege Escalation using SUDO permissions.

Hello Hackers, In the last blog we learnt about “Kernel Exploit”, so make sure to read the previous blog, In this blog we are going to learn how to escalate the privileges by exploiting the miss-configured SUDO permissions.

For this blog, I’m using the vulnerable machine from TryHackMe called “Linux Privilege Escalation”.

Let’s Start,

We already have the SSH credentials from TryHackMe, lets use those credentials and login to SSH via terminal.
(ssh karen@IPaddress)

What is SUDO?

The SUDO (superuser do) gives the permission to run any files as root user.”sudo -l” is used to list all the programs that user can run using sudo.

Let’s use the sudo -l command in the victim machine and check for the programs that we can run as a root user.

We can see 3 programs have the sudo permissions to run as a root user. (/find, /less, /nano).

There is a website called ‘gtfobins’ it has a list of Unix binaries that can be used to bypass local security restrictions in miss-configured systems.

By using this gtfobins application, we will search the sudo permission programs and escalate the privileges to root.

Open the gtfobins application and Paste the program name in search bar and click on sudo and you will see the commands, copy those commands and paste in the victim machine and check for the id you will see that you have been escalated as root user.

That’s it for today’s blog, I hope you learned how to exploit miss-configured sudo permission vulnerabilities and escalate the privilege to root, for further write-ups make sure to follow on“Linked-in & Twitter”.

The next writeup will be on “SUID”.