Day 11 - The Rogue Gnome
Date: 11, December, 2020
Author: Dhilip Sanjay S
Learning Objectives
Privilege Escalation
Horizontal
Horizontal privilege escalation attack involves using the intended permissions of a user to abuse a vulnerability to access another user's resources who has similar permissions to you.
Vertical
Vertical privilege escalation attack involves exploiting a vulnerability that allows you to perform actions like commands or accessing data acting as a higher privileged account such as an administrator.
Enumeration
Find SSH key
For script kiddies
Transfer using Python webserver or netcat
Covering tracks
/var/log/auth.log
/var/log/syslog
/var/log/<service/ -/var/log/apache2/access.log
Note: Don't shred these files in a real pentesting.
Solutions
What type of privilege escalation involves using a user account to execute commands as an administrator?
Answer: vertical
What is the name of the file that contains a list of users who are a part of the sudo group?
Answer: sudoers
Enumerate the machine for executables that have had the SUID permission set. Look at the output and use a mixture of GTFObins and your researching skills to learn how to exploit this binary.
Answer:
find / -perm -u=s -type f 2>/dev/null
What are the contents of the file located at /root/flag.txt?
Answer: thm{2fb10afe933296592}
Steps to Reproduce: Since we have SUID set on
usr/bin/bash
, we can abuse it to get root privilege:Boom! Now you are root. Go get the flag!
Last updated