Linux privilege escalation module

Hello
I am currently in the Linux privilege escalation module section Miscellaneous Techniques. I cant seem to access a root shell. The /etc/exports also don’t seem to be there in the pwnbox
also when I ran the ./shell file as sudo i got access into the machine as root


I don’t know if I am doing something wrong
here is the file shell and it was created as htb-ac521253 user.

cant upload more than one photo this is the file shell permissions

hi, have you find the flag? you should see the contents of /etc/exports of the target machine.
you will see an interesting directory

1 Like

Hi I finally found the answer after several attempts. Shell.c has to be compiled (gcc) with sudo in the attacker machine (10.10.x.x). Then the owner of the file “shell” will be root. Flag can be found with the hint of j0rg3k.

as usual i’m coming here after finding the flag to warn people that most of the modules’ questions are massive bs and the modules usually have details wrong.

in this case the module shows you to compile the shell on the target machine but move it from the attacker’s machine lol. also possibly you don’t have the rights to run ldd on the target machine. so you have to compile on your own machine, but also most probably you don’t have the same glibc (coz the target is old), so you’ll have to compile your shell with the --static option.

so yeah, wrong, not up to date, makes it harder for n00bs. you really need to understand what’s going on and do a lot of research, rather than following the modules themselves.

Hello, I have been going through this module and can’t seem to find the flag. Do you think you could give me a hand?

sure. most probably i forgot most of the stuff but shoot. may still be able to help.

So when you say you have to be in the attack machine should I ‘gcc shell.sh -o shell’ in the root of that machine?

[/mnt]
└──╼ [★]$ gcc shell.sh -o shell
/usr/bin/ld:shell.sh: file format not recognized; treating as linker script
/usr/bin/ld:shell.sh:4: syntax error
collect2: error: ld returned 1 exit status

shell.sh? shouldn’t be a shell script, should be a .c file no?

yeah ok i had a quick look at the Section again. so this is for the Miscellaneous Technique. you have to write a .c file that you compile to a binary with gcc. iirc you can’t do this on the target because you don’t have rights to run ld. so you need to do it on your own machine, then transfer the binary. but most probably when you’re gonna run your compiled binary on the target machine, you’ll get a glibc error message, coz your machine and the target machine don’t use the same version of gcc or whatever shared libraries blah blah blah. so you have to include the libraries in your binary by compiling with the --static option. move the binary on the target, run it, then it’ll work.

Alright thanks. Previously I was able to gcc and chmod but ‘./shell’ did not do anything. I guess that must be the problem. I shall find out in a bit.

maybe some issue with your C code? run it on your own local machine first and see if it works. then only when it does try to transfer it to the target.