Hack the Lin.Security VM (Boot to Root)

Hello Guy’s!! In our previous article “Linux Privilege Escalation using Sudo Rights” we had described how some weak misconfiguration sudo rights can lead to root privilege escalation and today I am going to solve the CTF “Lin.Security – Vulnhub” which is design on weak sudo right permissions for beginners to test their skillset through this VM. This is one of the simplest labs to learn pen testing and also avoid misconfiguration, which can lead to full system compromise.

This lab has been designed by the researcher to help us understand, how certain built-in applications and services if misconfigured, may be abused by an attacker. Here an up-to-date Ubuntu distro (18.04 LTS) suffers from a number of vulnerabilities that allow a user to escalate to root on the box.

Let’s see how to install and start?

The image is just under 1.7 GB and can be downloaded using the link of vulnhub.com (https://www.vulnhub.com/?q=lin.security&sort=date-asc&type=vm#). On opening the OVA file, a VM named lin.security will be imported and configured with a NAT adapter, but this can be changed to bridge via the preferences of your preferred virtualization platform.

Let’s move now to find the ways to root this lab!!

The first thing before doing any of the CTF is to read the instructions carefully before starting your vulnerability assessment and save your precious time.

The writer of the lab has given a hint in terms of user-id & password of one of the users.

It is “To get started you can log onto the host with the credentials: bob/secret

The IP of my lab is 192.168.1.104. I run the Nmap Aggressive scan to find out the open ports and relative services.

Here is the snippet of Nmap result where I found that Port 22 is open along with two other ports.

I used the port 22 (SSH) to login into the machine with given credentials: bob/secret.

After ‘logging in’ I tried to check the sudo rights for user bob:

sudo -l

The next prompt asked for the root password and I tried the same credentials “secret” and it worked!! I can see all the permissions which bob has and now I can easily root the machine using any of these permitted commands.

Let’s try the first way!

–> Boom!! It’s rooted.

Second way!

 

Third way

Another way using ‘find’ command to do privilege escalation!

Fourth way

One more way using ‘perl – one liner’ for privilege escalation!

 

If you are aware of various methods use for Linux privilege escalation, then you can complete this challenge within a fraction of time. There are so many methods to exploit this vulnerability for more detail open this link: https://www.hackingarticles.in/linux-privilege-escalation-using-exploiting-sudo-rights/

Enjoy Hacking!!!

AuthorDevender Kumar, An IT security Specialist and Post Graduate in Cyber Law & Cyber Forensics. You can Contact him here 

Leave a Reply

Your email address will not be published. Required fields are marked *