Capstone Challenge on TryHackMe

Zargham Siddiqui
Sep 29, 2022

Hello, I hope everyone is doing well. Today, I am going to write about the capstone challenge of the Linux Privilege Escalation room in the Junior Penetration Tester path on TryHackMe.
I will try to demonstrate privilege escalation techniques in very easy steps.

LET'S BEGIN…!!!

First, we will log in with the provided low-level credentials.

Now we can see that there are three directories in the /home folder:
/home/leonard
/home/missy
/home/rootflag
We can also read the passwd file, and we will save it for cracking later.

Now we will check whether any files have the SUID bit set.
SUID or Set Owner User ID is a permission bit flag that applies to executables. SUID allows an alternate user to run an executable with the same permissions as the owner of the file instead of the permissions of the alternate user.

Woohooo…!!! We have found that base64 has the SUID bit set.

Now we will read the shadow file using the base64 encoder/decoder tool.

Base64 is used to encode binary data as printable text. This allows you to transport binary over protocols or mediums that cannot handle binary data formats and require simple text.
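From the defender's side, the finding above is a SUID bit on a utility that should not carry one, which is what makes the shadow file readable through base64. The following is an added example, not part of the original walkthrough: a POSIX shell audit that lists SUID files and flags any that are not on an expected baseline. The allowlist contents and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: flag SUID executables that are not on an expected baseline.
# ALLOWLIST is an assumed baseline of basenames; adjust it to your distribution.
ALLOWLIST="passwd su sudo mount umount chsh chfn newgrp gpasswd"

# list_suid DIR: print every regular file under DIR that has the SUID bit set.
list_suid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort
}

# audit_suid DIR: print "UNEXPECTED_SUID <path>" for each SUID file whose
# basename is not in ALLOWLIST. Returns 1 if anything was flagged, else 0.
audit_suid() {
    audit_found=0
    audit_list=$(list_suid "$1")
    while IFS= read -r audit_path; do
        [ -n "$audit_path" ] || continue          # skip the empty line of an empty list
        audit_name=$(basename "$audit_path")
        case " $ALLOWLIST " in
            *" $audit_name "*) ;;                 # expected SUID binary
            *) echo "UNEXPECTED_SUID $audit_path"
               audit_found=1 ;;
        esac
    done <<EOF
$audit_list
EOF
    return "$audit_found"
}

# Remediation for a flagged file that does not need the bit: chmod u-s <path>
```

Because of `-xdev`, `audit_suid` stays on the filesystem of the directory it is given, so run it once per mounted filesystem you want covered.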

Now we will move the passwd and shadow files to our server for the great John the Ripper.
SCP (Secure Copy Protocol) is a network protocol used to securely copy files/folders between Linux (Unix) systems on a network.

We will use John the Ripper on our attacking machine.
John the Ripper is an Open Source password security auditing and password recovery tool available for many operating systems.

Now we have missy's password and can read the flags. :)

You can also watch the video walkthrough here and subscribe to my YouTube channel, IT Teller.
