Hack the Lin.Security VM (Boot to Root)

Hack the Lin.Security VM (Boot to Root)

Aarti S. Aarti S.

Aarti S.

Lead Pentester | OSCP|CISM| ISO27001-2013-Lead Auditor

发布日期: 2018年7月15日
+ 关注

Hello Guy’s!! In our previous article “Linux Privilege Escalation using Sudo Rights” we had described how some weak misconfiguration sudo rights can lead to root privilege escalation and today I am going to solve the CTF “Lin.Security – Vulnhub” which is design on weak sudo right permissions for beginners to test their skillset through this VM. This is one of the simplest labs to learn pen testing and also avoid misconfiguration, which can lead to full system compromise.

This lab has been designed by the researcher to help us understand, how certain built-in applications and services if misconfigured, may be abused by an attacker. Here an up-to-date Ubuntu distro (18.04 LTS) suffers from a number of vulnerabilities that allow a user to escalate to root on the box.

Let’s see how to install and start?

The image is just under 1.7 GB and can be downloaded using the link of vulnhub.com (https://www.vulnhub.com/?q=lin.security&sort=date-asc&type=vm#). On opening the OVA file, a VM named lin.security will be imported and configured with a NAT adapter, but this can be changed to bridge via the preferences of your preferred virtualization platform.

Let’s move now to find the ways to root this lab!!

The first thing before doing any of the CTF is to read the instructions carefully before starting your vulnerability assessment and save your precious time.

The writer of the lab has given a hint in terms of user-id & password of one of the users.

Full Article Read Here

要查看或添加评论,请登录

Aarti S.的更多文章

  • HIRING
    2024年4月16日

    HIRING

    Location - India (Remote) Job Type - Full Time Experience - Entry Level (1-3 Years) Job Summary: We are seeking a…

  • Data Exfiltration using PowerShell Empire
    2019年5月27日

    Data Exfiltration using PowerShell Empire

    In our previous post, we had already discussed “Command and Control with DropboxC2” But we are going to demonstrate…

  • Development: Vulnhub Walkthrough
    2019年5月17日

    Development: Vulnhub Walkthrough

    Today we are going to take on another challenge known as “DEVELOPMENT”. This is designed for OSCP practice, and the…

  • Hack the Box : Irked Walkthrough
    2019年4月28日

    Hack the Box : Irked Walkthrough

    Today we are going to solve another CTF challenge “irked”. It is a retired vulnerable lab presented by Hack the Box for…

  • Hack the Box: Teacher Walkthrough
    2019年4月24日

    Hack the Box: Teacher Walkthrough

    oday we are going to solve another CTF challenge “Teacher”. It is a retired vulnerable lab presented by Hack the Box…

  • Covert Channel: The Hidden Network
    2019年4月21日

    Covert Channel: The Hidden Network

    Generally, the hacker uses a hidden network to escape themselves from firewall and IDS such. In this post, you will…

  • SP eric: Vulnhub Lab Walkthrough
    2019年4月17日

    SP eric: Vulnhub Lab Walkthrough

    Hello friends! Today we are going to take another CTF challenge known as “SP eric”. The credit for making this VM…

  • Command & Control: WebDav C2
    2019年4月14日

    Command & Control: WebDav C2

    In this article, we will learn how to use WebDav C2 tool. Table of Content: Introduction Installation Exploiting Target…

  • Comprehensive Guide on Netcat
    2019年4月2日

    Comprehensive Guide on Netcat

    his article will provide you with the basic guide of Netcat and how to get a session from it using different methods…

    4 条评论
  • Empire GUI: Graphical Interface to the Empire Post-Exploitation Framework
    2019年3月27日

    Empire GUI: Graphical Interface to the Empire Post-Exploitation Framework

    This is our 8th post in the series of the empire which covers how to use empire as GUI. Empire has a great GUI…

社区洞察

其他会员也浏览了