Linux Local Privilege Escalation - Skills Assessment

Cr0nuS · March 18, 2021, 9:13am

Is there someone who finish this Academy. Because I need help about this?

Cr0nuS · March 18, 2021, 3:04pm

Is there someone who can help?

Hsiao · September 7, 2021, 4:23pm

Hi,I already found external service on target machine and found some sensitive information for this service and went to admin page. But how can I use this external service to read flag4. By file inclusion or other method? Is there anybody can give me some hints? Thanks

Satellite · September 8, 2021, 7:49am

You should enumerate the target with your user permission, Keep your mind, the service you’re targeting, you will find out the credential for logging the service after you have to exploit it to get the right permission and read the flag4

arachn1d · September 20, 2021, 5:28pm

Ok, i’m seriously stuck on the last flag, any hints? Edit: ■■■ i’m an idiot, an unexpected user could execute privileged commands. Good course!

n3tc4t · October 29, 2021, 7:19am

Someone can help me about the last flag?
I use the t…t credential with reverse shell.
I can’t get privilege escalation.

arachn1d · October 29, 2021, 7:32am

Check what commands that user can run.

n3tc4t · October 29, 2021, 7:33am

I check the command with sudo -l but I don’t find the solution for this.

n3tc4t · October 29, 2021, 9:52am

GG for arachn1d

dstnat · December 10, 2021, 1:14pm

Hi friends, im on user whose managed the web app, you know, i have flag 4, this user can do a command , i have used sudo trying preload, but im not allowed yo know, could yo throw me some clues? thanks

chappyroo · December 15, 2021, 8:07am

Same issue as dstnat. I have flag4. I know the command this user can do as sudo. I’ve looked up GTFOBin for this command and ran it (as well as a dozen other variations), but still am not able to get root. Any other clues would be appreciated. Yesterday I tried compiling a file to use with a with ld preloader and packed it in .war uploaded, unzipped and was not able to run either. Been stuck here for 3 days. Help!

dstnat · December 19, 2021, 9:17pm

Stuck on this… any clue?

dstnat · December 22, 2021, 6:13pm

theres somebody could help? thanks in adavance

j0rg3k · January 2, 2022, 5:57am

hi there. the user to access the tomcat manager, is it tomcat or a different user?
I am digging on log files and conf files accessible by user barry/group adm, but no luck

j0rg3k · January 2, 2022, 6:01am

never mind, I’ve found it. I think I mistyped on my first attempt

j0rg3k · January 2, 2022, 6:49am

Hey, I;ve just got flag5. if you got flag4, the way to flag5 is not hard, but tricky.

chappyroo · January 2, 2022, 8:04am

Just solved this. To anyone stuck at this place. The only hint I think I would give in public is to notice that your reverse shell isn’t fully interactive. It is possible and necessary to have a fully interactive tty shell.

sirius3000 · January 14, 2022, 9:30am

Any hints for flag4? Pulling my hair out with it at the moment and getting nowhere No matter…I have it…I was focusing too much on the one thing

Rapunzel3000 · January 18, 2022, 11:58am

Yes, I am also stuck at flag4. I pivoted to user Barry, who is adm group member. Found nothing in the logs. To read flag4, tomcat user privileges are required. I have no idea where to go from here. Pivot to tomcat service role?

sirius3000 · January 18, 2022, 1:22pm

Make sure you’ve identified ALL of the vulnerable applications on the box…one of them will give you what you want…don’t just focus on the one thing