We enumerate NFS shares, and upload a Web Shell . We also performed Linux privilege escalation by getting an X11 magic cookie from a different NFS share and using it to get a screenshot of the current user’s desktop, showing the root password in a password manager. This was part of HackTheBox Squashed machine.

Squashed is an Easy Difficulty Linux machine that features a combination of both identifying and leveraging misconfigurations in NFS shares through impersonating users. Additionally, the box incorporates the enumeration of an X11 display into the privilege escalation by having the attacker take a screenshot of the current Desktop.

Get OSCP Notes

Video Walkthrough

CTF Writeups, HackTheBox, HackTheBox Squashed, Linux privilege escalation

Show Comments

Motasem

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.

View Articles

Linux Privilege Escalation Through X11 Authorization | HackTheBox Squashed

Leave a Reply Cancel reply

Motasem

About the Author

Other stories

DNS Zone Transfer and Python Privilege Escalation | HackTheBox FriendZone

Demonstrating XSS,RCE and PostgreSQL Exploitation | HackTheBox Red Cross

Press ESC to close

Linux Privilege Escalation Through X11 Authorization | HackTheBox Squashed

Leave a Reply Cancel reply

Motasem

About the Author

Share Article:

Other stories

DNS Zone Transfer and Python Privilege Escalation | HackTheBox FriendZone

Demonstrating XSS,RCE and PostgreSQL Exploitation | HackTheBox Red Cross