Hello, its x69h4ck3r here again.
I am gonna make this quick.
in other to solve this module, we need to gain access into the
target machine via ssh.
after that, we gain super user rights on the user2 user
then escalate our privilege to root user.
please follow my steps, will try to make this as easy as possible.
Step 1: connect to target machine via ssh with the credential provided;
example; ssh -l user1 <target_ip> -p
Step 2: input the given password in the password field.
NB: password text do not show on unix systems.
Step 3: Once connected, verify the directory you are in.
Step 4: Once sure you are in user1, change directory to user2.
example; cd … && cd user2 # this command will put you in user2 directory
Step 5: use the comman below to check if the /bin/bash file is readable
example; sudo -l
output; env_reset, mail_badpass, secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
User user1 may run the following commands on gettingstartedprivesc-385616-5779f4664c-847tn:
(user2 : user2) NOPASSWD: /bin/bash
from the output we see that, we can run the user2 without password,
so we try it on /bin/bash , if no error is gotten, we then procced
to getting our first flag.
Step 6: use this command to view the /flag.txt file
example; cat flag.txt
GAINGING SUPER USER PRIVILEGE
in the /root/.ssh/id_rsa file hold the ssh key, if we can read that,
then we can use it to our advantage in connecting to the ssh
using the root user.
we first have to copy the ssh key, create a new file on our host
machine with the name “id_rsa” and paste the key in there, we will
using this file to connect to the target machine via ssh using the root
Step 1: Read the /root/.ssh/id_rsa file and copy the contents.
example; cat /root/.ssh/id_rsa # copy the contents (ssh key)
Step 2: on your target machine create a new file “id_rsa” and paste the
copied contents in it.
example; nano id_rsa # once open, paste the copied contents (ssh key) and
Step 3: Cross-check you have done a good job by viewing the newly created
example; cat id_rsa
Step 4: change the permissions on the newly created file to be more restrictive.
example; chmod 600 id_rsa
Step 5: Connect to the target server via ssh using the root as user and
the /id_rsa file for authentication, this way we can gain root access.
example; ssh root@<target_ip> -p -i id_rsa
Once connected, you will be in the root folder.
view the contents of the folder with the “ls” command
Step 6: Use the cat command to view the flag in the /flag.txt file
example; cat flag.txt