General observations & Tips about Privesc on the machines


these are kind of obvious, but I think these might be helpful for some people because I have gotten some questions that would’ve been answered easily with these methods.

Observation One, the timestamps on filesystem

Since the machines are deliberately set up for the purpose of hacking, they haven’t been in actual use. The usual method is to install an operating system and then change things for the challenge and leave it at that.

The changed system configuration files etc have a timestamp that makes them very visible for simple commands like ls -latr. This often gives away very obvious pointers to possible privesc vectors unless the administrator has done something to timestamps to hide these changes. There are usually some few changes that are not related to the challenge and most are related to installing the necessary stuff.

So far I have only hacked the “easier” machines, not the most difficult ones, so this might not be true for the nightmare stuff where super hackers are forged and tempered.

I’m not sure if it would make the machines more enjoyable if the admin altered the timestamps to hide what has been done to the machine. It definitely would make them more difficult, but perhaps not better or more entertaining. At least people (myself included) seem to have enough challenge even now on the easier machines.

Observation Two, search hashes

Again, this might be obvious, but I think it’s worthwhile to mention this too.

Once you find something, like a password hash or something similar, it is worthwhile to search for it in the internet. Several hashes I have encountered can be found using search engines which then may give instantly an idea for the next step.