Lin Security

Lin Security Vulnhub walkthrough

Exploitation

This machine does not need enumeration because the author already gave us a credentials and this machine is let us to practice our privilege escalation skills

After logged in using the credentials

Privilege Escalation

we then can type sudo -l

We can see a lot of user rights exploit

Method 1 ( User Rights)

We can go to this website and get the cheat sheet from it hehe. A lot is very easy so we are not gonna cover everything.

/bin/ash

/bin/ed

/usr/bin/env

/usr/bin/expect

/usr/bin/find

/usr/bin/more

/usr/bin/scp

/usr/bin/socat

On our machine

On target machine

/usr/bin/ssh

/usr/bin/pico

/usr/bin/rvim

/usr/bin/tclsh

/usr/bin/git

Method 2 hash passwords

When we cat /etc/passwd, we can see all the users available in the system, then we can see a user has a hash

Put it at hashcat and we can decode the hash

We got the password and su to user insecurity, then we can get root

Method 3 cron jobs

If we type cat /etc/crontab we can see that there is a backup running every 1 minute

If we la -la /etc/backups

We can see that tar file. If you read this article on this website, here we have a very details explanation

On our machine

On target machine

After wait for 1 minute then we can get a shell.

PreviousDerpNStinkNextW34KN3SS

Last updated

Was this helpful?