Hello,
I’m currently on the Knowledge Check step for the “Getting Started” Module as part of the Penetration Tester path.
The Knowledge Check page states that there are 2 ways to gain a foothold on the box, and 2 ways to get privilege escalation to root.
I’ve successfully achieved a foothold using both a manual method and the Metasploit method and getting the user flag. Then I was able to elevate privileges to root (and obtain the root.txt flag) by exploiting the NOPASSWD sudo for /usr/bin/php for the www-data user.
However, I’m having difficulty finding the 2nd method for privilege escalation. I’ve run linpeas.sh and LinEnum.sh and have attempted a few of the exploits of CVEs that get pointed out in the linpeas.sh results (to no avail, realizing for most of them the box is missing either software or libs required for the exploits to work…as far as I can tell).
Any pointers or tips on the 2nd method for privilege escalation?
This is my first time posting so please let me know if I’m in the wrong place.
Thanks for any help!