The Complete Linux Privilege Escalation Course | TryHackMe Junior Penetration Tester

2 min read 9 months ago
Published on Sep 06, 2024 This response is partially generated with the help of AI. It may contain inaccuracies.

Introduction

This tutorial is designed to guide you through the Linux privilege escalation challenge featured in the TryHackMe Junior Penetration Tester pathway. By following these steps, you'll gain practical skills that are useful for preparing for certifications like OSCP and enhance your understanding of Linux security.

Step 1: Understand the Environment

  • Familiarize yourself with the Linux operating system.
  • Know the common types of user accounts
    • Root: The superuser with full system access.
    • Normal Users: Users with limited permissions.

Step 2: Information Gathering

  • Start by gathering information about the system
    • Use the following commands to identify users and their privileges:
      cat /etc/passwd
      
    • Check the groups each user belongs to:
      id username
      

Step 3: Check for SUID and SGID Files

  • SUID (Set User ID) and SGID (Set Group ID) files can be exploited for privilege escalation.
  • List all SUID files:
    find / -perm -4000 -type f 2>/dev/null
    
  • List all SGID files:
    find / -perm -2000 -type f 2>/dev/null
    

Step 4: Examine Running Processes

  • Check for processes running as root:
    ps aux | grep root
    
  • Identify any unusual processes that may indicate a privilege escalation opportunity.

Step 5: Review Scheduled Tasks

  • Look for cron jobs that may be running scripts with elevated privileges:
    crontab -l
    ls -la /etc/cron.*
    
  • Identify scripts that can be modified to gain access.

Step 6: Investigate Configuration Files

  • Check for misconfigurations in files such as
    • /etc/passwd
    • /etc/shadow
  • Misconfigured permissions can provide an opportunity for privilege escalation.

Step 7: Exploit Vulnerabilities

  • Look for software vulnerabilities that can be exploited for privilege escalation.
  • Use tools like searchsploit to find known vulnerabilities in the system's installed software.

Step 8: Escalate Privileges

  • Once vulnerabilities or misconfigurations are identified, use appropriate methods to escalate privileges.
  • Example of using a SUID exploit:
    ./suid_exploit
    

Conclusion

In this tutorial, you learned key steps for executing a Linux privilege escalation challenge. By understanding the environment, gathering information, and exploiting vulnerabilities, you can effectively escalate privileges in a Linux system. For further practice, consider working through additional challenges on TryHackMe or similar platforms to solidify your skills.