Published in Techiepedia

Series of CTF Machines Walkthrough #6: Linux Privilege Escalation Using SUDO Permissions

Hello Hackers! In the last blog we learnt about “Kernel Exploit”, so make sure to read it first. In this blog we are going to learn how to escalate privileges by exploiting misconfigured SUDO permissions.

For this blog, I’m using the vulnerable machine from TryHackMe called “Linux Privilege Escalation”.

Let’s Start,

We already have the SSH credentials from TryHackMe, so let’s use them to log in over SSH from the terminal.
(ssh karen@IPaddress)

What is SUDO?

SUDO (superuser do) lets a user run programs as the root user, within the limits set by the sudo configuration. “sudo -l” lists all the programs that the current user can run using sudo.

Let’s run the sudo -l command on the victim machine and check which programs we can run as the root user.

We can see that 3 programs have sudo permission to run as the root user (/find, /less, /nano).

There is a website called ‘GTFOBins’. It has a list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.

Using GTFOBins, we will look up the programs that have sudo permissions and escalate privileges to root.

Open GTFOBins, paste the program name into the search bar and click on sudo to see the commands. Copy those commands, paste them into the victim machine and then run id; you will see that you have been escalated to the root user.
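
The same sudo -l output can be audited from the administrator's side to find rules like the three above before someone else does. The script below is an added example, not part of the original post: the sample output is constructed (hostname, full paths and backup.sh are assumptions), and the watchlist contains only the three programs named in this blog.

```shell
#!/bin/sh
# Defensive audit: flag sudo rules that grant root to programs able to run
# other commands. WATCHLIST holds only the three programs named in this post;
# extend it from the GTFOBins "sudo" category for real use.
WATCHLIST="find less nano"

# Constructed sample of `sudo -l` output (hostname, full paths and backup.sh
# are assumptions, not values from the post).
sample_sudo_l() {
    cat <<'EOF'
Matching Defaults entries for karen on example-host:
    env_reset, mail_badpass

User karen may run the following commands on example-host:
    (ALL) NOPASSWD: /usr/bin/find, /usr/bin/less
    (ALL) NOPASSWD: /usr/bin/nano
    (root) /usr/local/bin/backup.sh --daily
EOF
}

# Reads `sudo -l` output on stdin, prints one finding per granted command.
audit_sudo_l() {
    awk -v watch="$WATCHLIST" '
    BEGIN { n = split(watch, w, " "); for (i = 1; i <= n; i++) risky[w[i]] = 1 }
    /^[ \t]*\(/ {                                  # rule lines start with "(runas)"
        line = $0
        sub(/^[ \t]*\([^)]*\)[ \t]*/, "", line)    # drop the "(runas)" part
        nopass = (line ~ /NOPASSWD:/) ? " NOPASSWD" : ""
        gsub(/[A-Z_]+:[ \t]*/, "", line)           # drop tags such as NOPASSWD:
        m = split(line, cmds, /,[ \t]*/)           # one rule may list several commands
        for (j = 1; j <= m; j++) {
            split(cmds[j], parts, " ")             # parts[1] is the command path
            path = parts[1]
            k = split(path, seg, "/"); base = seg[k]
            if (path == "ALL")
                print "HIGH" nopass ": ALL commands allowed"
            else if (base in risky)
                print "HIGH" nopass ": " path " is on the watchlist"
            else
                print "REVIEW" nopass ": " path
        }
    }'
}

sample_sudo_l | audit_sudo_l
```

On a real host, pipe the output of sudo -l -U for each account into audit_sudo_l and remove or narrow every HIGH entry in the sudoers file.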

That’s it for today’s blog. I hope you learned how to exploit misconfigured sudo permissions and escalate privileges to root. For further write-ups, make sure to follow on “LinkedIn & Twitter”.

The next writeup will be on “SUID”.

C M UPPIN


Cyber Security Researcher || Security Analyst || CTF Player || Webapp Pentester || Ethical Hacker
