Series of CTF machines Walkthrough #4 Linux Privilege Escalation (Enumeration).

Image from GOOGLE

Hello Hackers, Today we are not only going to solve the CTF machine along with that, we are going to learn about how to do Enumeration and different methodologies to Elevate the Privileges.

While solving the CTF machines “Privilege Escalation” is very important, escalating the user to higher privilege is not a piece of cake, some times you have to bang your head to the wall or break the keyboard, just kidding.

Jokes apart Let’s Start,

In this article we will go through Manual Enumeration and Automated Enumeration, which i learnt from TryHackMe.

What is Privilege escalation

Privilege escalation means gaining a higher authority above the assigned privilege. example escalating privilege from “User” to “Root” or “Asst Manager” to “Manager”.

Definition from TryHackMe

Image from TryHackMe

Different Methods or Commands for Manual Enumeration

  1. hostname
    This command will give the hostname of the target machine.

2) uname -a
This command gives the information about the system with kernel info by this you can easily find out kernel vulnerabilities.

3) /proc/version
The /proc file system (Procfs) is a virtual system created on fly. It contains the useful info about the processes that are currently running also it is called as control and info center of kernel.

The /version file contains the linux Kernel version, Distribution name, gcc version number and other info about the kernel.

4) /etc/issue
The /etc directory consists of system configuration files.

The /etc/issue file contains the info about the OS which displays before the login prompt, it can be easily modified.

5) ps
The “ps” stands for “Process Status”, it displays the running process on a linux system.
These are the following Information it displays
* PID — The unique Process ID.
* TTY — The terminal type using by the user.
* Time — The amount of CPU time that the process has been running.
* CMD — The command or Executable files are running.

6) env
The “env” command, list out the environment variables, which is useful to execute the privilege escalation.

Environment Variables
Where the executable files are stored, when you type any command in the terminal it looks into environment variable directories there are particular directories which stores the value in variable names.
Ex- when you type “ls” or “echo” command in terminal the command searches in the $PATH variable and after it executes the commands.

7) sudo -l
The “sudo” gives the permission to run any files as root user. “sudo -l” is used to list all the programs that user can run using sudo.

8) Id
The “ID” command gives the info about the current user and his privilleges and the group memberships.

9) /etc/passwd
The “/etc/passwd” file displays the info about the users present on the system.

10) history
The “history” command gives the information about the previous commands used by the user, there may be a username and password, it is a good practice to check.

11) netstat
The “netstat” command displays the information about current network connections, which ports are open/listening and the services which are running.

12) find
The “find” command is used to check the particular files.
Example : find -names test.txt — which gives the location/directory details where the file relies.

Useful cmd’s used for “Privilege Escalation”.
* find / -perm -o x -type d 2>/dev/null — Displays the world executable folders.
* find / -perm -u=s -type f 2>/dev/null — Displays the “suid” Bit set files.

By finding these files which are higher privileges, easily by executing these files you can escalate your privileges.

In up-coming write-ups you will learn more about the Privilege Escalations, where you will be using these above commands.

Automated Enumeration

We know that doing things manually will consume more time, so by using some automated scripts you can easily find out perfect exploit to escalate the privilege.

Here are some automated scripts.

* LinPeas: https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS
* LinEnum: https://github.com/rebootuser/LinEnum
* LES (Linux Exploit Suggester): https://github.com/mzet-/linux-exploit-suggester
* Linux Smart Enumeration: https://github.com/diego-treitos/linux-smart-enumeration
* Linux Priv Checker: https://github.com/linted/linuxprivchecker

You will use these scripts in the up-coming write-ups.

The next article will be on “Kernel Exploit”.

I hope you learned how to enumeration methods before escalating privileges, for further write-ups make sure to follow on“Linked-in & Twitter”.

Link for Procfs.
https://www.geeksforgeeks.org/proc-file-system-linux/

Link for environment variables.
https://www.geeksforgeeks.org/environment-variables-in-linux-unix/
https://www.geeksforgeeks.org/env-command-in-linux-with-examples/

Link for TryHackMe Linux Privilege Escalation machine.
https://tryhackme.com/room/linprivesc.

Thank you so much for TryHackMe and Alper Basaran for creating this amazing machine.

Follow Techiepedia for more such awesome write-ups

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store