Introduction

This post is a follow-up tutorial focused on Linux privilege escalation, part of a penetration testing walkthrough for the vulnerable machine named “Nezuko” on Vulnhub.

Key Learnings

Objective: The video builds on the earlier exploitation of the “Woodman” application; the current goal is to escalate privileges from a limited user to root.

Learning Focus: Teaching penetration testing techniques, emphasizing a systematic and methodical approach.

Walkthrough

A. Initial Enumeration

  • Verified the current user (Newso) has limited privileges.
  • Began with a search for binaries or files with the SUID bit set, which lets a program run with the privileges of its owner (often root) rather than those of the user who launched it.

B. Checking Sensitive Files

  • Inspected /etc/passwd and found a password hash stored there for one of the system's users.
  • Used John the Ripper to crack the hash and retrieve the password for the next user (Znatsu).

C. Directory Exploration

  • Navigated to Znatsu’s directory, found a script named sendMessageToRizoka.sh.
  • Realized the script had misconfigured permissions, allowing it to be edited by a non-root user.

D. Injecting Malicious Code

  • Modified the script to include a reverse shell payload, which connects back to the attacker’s system.
  • Started a Netcat listener to wait for the connection made when the system executed the script.

E. Triggering the Script

  • Discovered the script runs periodically via a cron job under root privileges.
  • Once triggered, the reverse shell connected back, granting root access.
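The weakness chained in steps C to E is a root cron job that runs a script a non-root user can edit. The audit below is an added example, not code from the walkthrough or the video: it parses system-crontab lines, resolves each script it names, and reports whether the script or any directory on its path is writable by others or not owned by uid 0. The crontab lines and the home path /home/znatsu are constructed assumptions.

```python
# Added example, not from the walkthrough: find cron-run scripts that a non-root
# user could change (script or any parent dir writable by others / not uid 0).
import os
import shlex
import stat

# Constructed sample /etc/crontab; the script's home path is an assumption.
SAMPLE_CRONTAB = """\
PATH=/usr/sbin:/usr/bin:/sbin:/bin
*/2 * * * * root /bin/bash /home/znatsu/sendMessageToRizoka.sh
@reboot     root /usr/local/sbin/first-boot.sh
"""

def scripts_in_cron_line(line: str) -> list[str]:
    """Absolute paths in a system-crontab entry's command; [] for the rest."""
    line = line.strip()
    if not line or line.startswith("#") or "=" in line.split()[0]:
        return []                                # comment or VAR=value line
    ntime = 1 if line.startswith("@") else 5     # '@reboot' vs m h dom mon dow
    fields = line.split(None, ntime + 1)         # time fields, user, command
    if len(fields) < ntime + 2:
        return []
    return [tok for tok in shlex.split(fields[-1]) if tok.startswith("/")]

def weak_links(chain: list[tuple[str, int, int]], trusted_uid: int = 0) -> list[str]:
    """chain = (path, st_mode, st_uid) for the script and each ancestor dir."""
    problems = []
    for path, mode, uid in chain:
        # a sticky dir (e.g. /tmp) stops others renaming/deleting root's entries
        sticky_dir = stat.S_ISDIR(mode) and bool(mode & stat.S_ISVTX)
        if uid != trusted_uid:
            problems.append(f"{path}: owned by uid {uid}, not {trusted_uid}")
        if mode & stat.S_IWOTH and not sticky_dir:
            problems.append(f"{path}: world-writable")
        elif mode & stat.S_IWGRP and not sticky_dir:
            problems.append(f"{path}: group-writable")
    return problems

def path_chain(path: str) -> list[tuple[str, int, int]]:
    """stat() the resolved target and every directory above it, up to /."""
    paths = [os.path.realpath(path)]
    while os.path.dirname(paths[-1]) != paths[-1]:
        paths.append(os.path.dirname(paths[-1]))
    return [(p, st.st_mode, st.st_uid) for p in paths for st in [os.stat(p)]]

def audit_crontab(text: str, trusted_uid: int = 0) -> dict[str, list[str]]:
    """Problems per script named in the crontab that exists on this host."""
    return {s: weak_links(path_chain(s), trusted_uid)
            for line in text.splitlines() for s in scripts_in_cron_line(line)
            if os.path.exists(s)}
```

On a real host, feed the contents of /etc/crontab and each file in /etc/cron.d to audit_crontab; an empty list for a script means nothing on its path is writable by anyone but root.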

Key Notes

Identify Misconfigurations: Many privilege escalation vulnerabilities stem from poorly configured file permissions, binaries, or scripts.

Be Methodical: Systematically enumerate users, files, and directories to uncover vulnerabilities.

Secure Systems: Always configure scripts and files with restricted permissions to prevent unauthorized edits.

Interesting Facts on Linux Privilege Escalation

  • Privilege escalation often targets basic misconfigurations, not complex exploits. 70% of Linux escalation issues involve such errors.
  • Tools like John the Ripper are indispensable for penetration testers to crack passwords efficiently.

Video Walkthrough

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by Motasem Hamdan, a cybersecurity content creator and YouTuber.