HTB Academy > Linux Privilege Escalation > Privileged Groups


I am stuck for a week+ on module Linux Privilege Escalation on Privileged Groups. I am able to escalate to root but dont understend how to find flag.

This is question: Use the privileged group rights of the secaudit user to locate a flag.
Hint: Grep within the directory this user has special rights over.

Hey Brother — I have been stuck on this question as well. I have looked through all the directories associated with the “adm” group but have been unable to find the flag.

If I could get a nudge it would be greatly appreciated :slight_smile:

Do you have any hints for this module? I’m also able to escalate to root, looked through all directories associated with the “adm” group but nothing yet. I also looked if there is anywhere some kind of path abuse where the “grep” command would be overwritten to return the flag but also here i didn’t find anything.
I would really appreciate some hints what to do after the privilege escalation.

Hi, I’m not sure if this is the correct way of doing it but I was able to get the flag. You don’t need to escalate to root either.

You can use “find” to search for files/directories that belong to the adm group. Once you’ve done that then you can use grep to search all files that contain the word flag within the directory that was listed from your first find command. Also the ADM section within the module will point you in the right direction for the directories.

Hope that helps

Hi, try to enumerate as the “hint” button say, in the /**r/l*g. You can find interesting files and services folders

1 Like

My hints:


find /var/log/ -group ***


cd /var/log
grep -ri flag

enter the value after flag%20=%20

good luck