Linux PrivEsc - TryHackMe
This write-up is based on the Linux PrivEsc room from Try Hack Me:- https://tryhackme.com/room/linuxprivesc [Task 1] Deploy the Vulnerable Debian VM #1 Deploy the VM #2 SSH in to the VM using the credentials given and run the id command [Task 2] Service Exploit This task is to exploit the following vulnerability in MySql:- https://www.cvedetails.com/cve/CVE-2005-0711 The exploit is available here:- https://www.exploit-db.com/exploits/1518 The create of the room has already made the exploit file - raptor_udf2.c on the VM at location:- /home/user/tools/mysql-udf Then run the following commands as asked: Get the root shell: Learning from this task:- Avoid running applications as "root" Patch things and stay up to date. [Task 3] Weak File Permissions - Readable /etc/shadow #1 What is the root user's password hash? As we can see that hashes of root and user are exposed, which can be cracked offline! #2 What hashing algorithm was used