Editing Gone Wrong
Overview
You have managed to get access to the "student" account on the client's server. This is bad enough as all the student resources are available to you. You are now trying to escalate privileges to get root. After some digging around and from other sources, you figure out that the same person in the organization uses both the student account and the root account on the system.
Your mission is to escalate privileges, get a root shell on the box and retrieve the flag!
Solutions
Step 1: Open the lab link to access the Kali machine.

Step 2: Check if the target machine is reachable:
Command:
ping -c 4 target.ine.local
The target is reachable.
Step 3: Open Firefox and access the target machine's terminal at http://target.ine.local:8000.

Step 4: There is no specific hint given in this challenge, so start with the setuid-program approach: look for setuid binaries on the system.
Command:

Step 5: Nothing anomalous turns up. Move on to looking for misconfigured sudo rules: check the current user's sudo capabilities.
Command:

Step 6: The sudo rule for man shows that the man command can be run via sudo without providing a password. Run it and launch /bin/bash from within it.
Command:

Command:

Step 7: Observe that the escalation to root was successful. Change to the /root directory and retrieve the flag.
Commands:

Flag: 74f5cc752947ec8a522f9c49453b8e9a
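The defender's side of this lab is the sudoers rule that made Step 6 possible: a NOPASSWD entry for a pager that can shell out. The following audit script is an added example and is not part of the lab or its solution; it parses user specifications from sudoers text, flags NOPASSWD rules on a short, illustrative list of pager and editor binaries (man among them) or on ALL, and treats a rule carrying sudo's NOEXEC: tag as mitigated. The sudoers content embedded below is constructed for this example and is not the lab machine's real file.

```python
"""Audit sudoers text for passwordless rules on binaries that can spawn a shell.

Added example for this walkthrough, not lab code. The binary list is
illustrative; extend it to match your own environment's policy.
"""
import re
from dataclasses import dataclass

# Pagers/editors with a documented shell escape; man (abused in the lab) is
# one of this class because it hands the output to a pager that accepts "!".
SHELL_ESCAPE_BINARIES = {"man", "less", "more", "vi", "vim"}

# user  host=(runas) [TAG: ...] cmd1, [TAG: ...] cmd2
USER_SPEC = re.compile(r"^(\S+)\s+(\S+)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")
TAG = re.compile(r"^([A-Z]+):\s*")


@dataclass
class Finding:
    user: str
    command: str
    reason: str


def _split_commands(cmnd_spec_list):
    """Yield (tags, command) pairs.

    In sudoers a tag such as NOPASSWD: applies to every following command in
    the same list until the opposite tag (here PASSWD:) overrides it.
    """
    tags = set()
    for item in cmnd_spec_list.split(","):
        item = item.strip()
        while True:
            m = TAG.match(item)
            if not m:
                break
            tag = m.group(1)
            opposite = tag[2:] if tag.startswith("NO") else "NO" + tag
            tags.discard(opposite)
            tags.add(tag)
            item = item[m.end():]
        yield set(tags), item


def audit_sudoers(text):
    """Return a list of Finding objects for risky NOPASSWD rules."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments/#include
        if not line or line.startswith("Defaults") or "_Alias" in line:
            continue                                  # only user specs matter here
        m = USER_SPEC.match(line)
        if not m:
            continue
        user, _host, _runas, cmnds = m.groups()
        for tags, command in _split_commands(cmnds):
            if "NOPASSWD" not in tags:
                continue
            if command == "ALL":
                findings.append(Finding(user, command,
                                        "NOPASSWD on ALL is an unrestricted root shell"))
                continue
            binary = command.split()[0].rsplit("/", 1)[-1]
            if binary in SHELL_ESCAPE_BINARIES and "NOEXEC" not in tags:
                findings.append(Finding(user, command,
                                        f"{binary} can spawn a shell; drop the rule or add NOEXEC:"))
    return findings


# Constructed sample sudoers content for this example (not the lab's file).
SAMPLE_SUDOERS = """\
Defaults env_reset
root    ALL=(ALL:ALL) ALL
student ALL=(ALL) NOPASSWD: /usr/bin/man
backup  ALL=(root) NOPASSWD: /usr/bin/rsync, /usr/bin/less
ops     ALL=(root) NOEXEC: NOPASSWD: /usr/bin/less
deploy  ALL=(ALL) NOPASSWD: ALL
"""

if __name__ == "__main__":
    for f in audit_sudoers(SAMPLE_SUDOERS):
        print(f"{f.user:8} {f.command:20} {f.reason}")
```

Run against the sample, the student rule for /usr/bin/man and the backup rule for /usr/bin/less are reported, the deploy rule is reported as unrestricted, the rsync rule is left alone, and the ops rule passes because of NOEXEC:. Note that sudo implements NOEXEC by preloading a library that blocks the exec family of calls, so it does not cover statically linked binaries; removing the rule, or requiring a password, is the more reliable fix for the case in this lab.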
Conclusion
In this lab, we looked at one way to escalate privileges on a compromised system: abusing a sudo rule that lets man run as root without a password.