TryHackMe - Linux Privilege Escalation: Kernel Exploits
This article discusses the solution for TryHackMe's Linux Privilege Escalation Kernel Exploits tasks, so proceed with caution.
I would suggest that you try to solve it on your own, as you will learn a lot in the process of attempting it. Try to give it your all until you feel that you are really hopelessly stuck.
Privilege Escalation Kernel Exploits Solution
Notes
The kernel manages communication between components.
A kernel exploit usually leads to root privileges.
Steps:
Identify the kernel version.
Search for whether the kernel version has an exploit.
Be careful, as an exploit may lead to irreversible damage. Check the scope of the project.
What is the content of the flag1.txt file?
Identify kernel version by executing the following command:
uname -r
We have determined that the kernel version is 3.13.0-24-generic. Now let's search the net for an exploit we can use. We have found an exploit in Exploit DB.
Let's find folders which our current user has permission to write to:
find / -writable -type d 2>/dev/null
or
find / -perm -222 -type d 2>/dev/null
or
find / -perm -o+w -type d 2>/dev/null
Let's change to /tmp, as our current user has permission to write in that folder:
cd /tmp
Let's create an exploit file and paste in the code we found in Exploit DB:
nano exploit.c
Run the following commands to spawn a root terminal:
gcc exploit.c -o exploit
./exploit
Now let's get the flag1.txt file:
cat /home/matt/flag1.txt
Answer: THM-28392872729920
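Added example, not part of the original article: seen from the defender's side, the steps above rely on a writable directory such as /tmp from which a freshly compiled binary can be run. This shell script reports which of the noexec, nosuid and nodev mount options are missing for a directory; the function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit mount options of directories an unprivileged user can write to.
# Constructed sample in /proc/mounts format: device mountpoint fstype options dump pass
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev 0 0'

# mount_opts_for DIR [MOUNTS_TEXT]
# Print the options of the mount containing DIR (longest matching mount point).
# Without MOUNTS_TEXT the live /proc/mounts is read.
mount_opts_for() {
    dir=$1
    mounts=${2:-$(cat /proc/mounts)}
    printf '%s\n' "$mounts" | awk -v d="$dir" '
        {
            mp = $2
            # mp matches if it is "/", equals d, or is a parent directory of d
            if (mp == "/" || d == mp || index(d, mp "/") == 1) {
                # ">=" lets a later mount over the same point win
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END { print opts }'
}

# has_opt OPTS NAME: succeed if NAME is one of the comma-separated OPTS.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_dir DIR [MOUNTS_TEXT]: print the hardening options missing for DIR.
audit_dir() {
    opts=$(mount_opts_for "$1" "$2")
    missing=""
    for o in noexec nosuid nodev; do
        has_opt "$opts" "$o" || missing="$missing $o"
    done
    echo "${missing# }"
}

# Demo on the constructed table; /home/matt is the home directory from the walkthrough.
for d in /tmp /dev/shm /home/matt /var/tmp; do
    m=$(audit_dir "$d" "$SAMPLE_MOUNTS")
    echo "$d missing: ${m:-none}"
done
```

Call audit_dir /tmp with no second argument to read the live /proc/mounts. A noexec mount only removes one convenient step; keeping the kernel patched is the actual fix.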
Until next time. Keep learning.
Stay stoked and code. :)
Written by
Niccolo Lampa
Full stack developer who loves to code, hack and surf.