Learn the fundamentals of Linux privilege escalation. From enumeration to exploitation, get hands-on with over 8 different privilege escalation techniques.

In this video walk-through, we covered linux privilege escalation challenge or linux privesc room as part of TryHackMe Junior Penetration Tester pathway.

Privilege escalation is a journey. There are no silver bullets, and much depends on the specific configuration of the target system. The kernel version, installed applications, supported programming languages, other users’ passwords are a few key elements that will affect your road to the root shell.

This room was designed to cover the main privilege escalation vectors and give you a better understanding of the process. This new skill will be an essential part of your arsenal whether you are participating in CTFs, taking certification exams, or working as a penetration tester.

Get OSCP Certificate Notes


Room Link

Linux PrivEsc

Room Answers

What is the hostname of the target system?

What is the Linux kernel version of the target system?

What Linux is this?

What version of the Python language is installed on the system?

What vulnerability seem to affect the kernel of the target system? (Enter a CVE number)

What is the content of the flag1.txt file?

How many programs can the user “karen” run on the target system with sudo rights?

What is the content of the flag2.txt file?

How would you use Nmap to spawn a root shell if your user had sudo rights on nmap?

What is the hash of frank’s password?

Which user shares the name of a great comic book writer?

What is the password of user2?

What is the content of the flag3.txt file?

How many binaries have set capabilities?

What other binary can be used through its capabilities?

What is the content of the flag4.txt file?

How many cron jobs can you see on the target system?
What is the content of the flag5.txt file?

What is Matt’s password?

What is the odd folder you have write access for?

Exploit the $PATH vulnerability to read the content of the flag6.txt file.

What is the content of the flag6.txt file?

How many mountable shares can you identify on the target system?
How many shares have the “no_root_squash” option enabled?

Gain a root shell on the target system

What is the content of the flag7.txt file?

What is the content of the flag1.txt file?

What is the content of the flag2.txt file?

Video Walkthrough

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.

View Articles