AKASH UPADHYAYA
Jul 25, 2021

Pentester Academy (Weekend Lab Sprint)

The Golden Logs (Linux privilege escalation)

Privilege Escalation : Linux

The Golden Logs (LPE)
Your mission is to retrieve the flag (problem statement).

Type ls to check (initial recon), then ls -la for a long listing.

To see every process on the system using standard syntax:
ps -ef

We see /usr/lib/postfix/sbin/master.

We see the mail service is running as root, so we check the mail logs with:

cat /var/mail/root

// after this is comment now to type with command
We see: /bin/sh: cant open /opt/exec.sh

The error is in root's mail, so something running as root is trying to execute /opt/exec.sh, and that file does not exist. Now for the old-fashioned way of spawning a shell and escalating privilege: create a new file with the same name in the same location, containing shell code that inserts an entry into the /etc/sudoers file.

Note: this entry will allow the current user to run any command with sudo without providing a password. (Let's give it a try.)

Now check the current configuration with the command: sudo -l.

Now we are closer; let's see the output.

Currently there are only two entries, i.e. one for cron (jobs) and the other for postfix (mail). Wait a minute for the shell script to execute.

After a minute, check the sudo configuration again. This time, the new entry is present.
We are close to finishing the job.

Now run a binary/command with sudo, for example: /bin/bash

Now we must look for the flag, searching in the root directory or the Desktop of root.

We see the flag. Yes, we did it.

The flag is dfba711fd731b0c2ebc1586b0484a8ec

The flag gets accepted.

Thank you.
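The root cause in this lab is a job running as root that points at /opt/exec.sh, a path an unprivileged user was able to create. As an added example (not part of the original write-up or the lab), the shell audit below reads crontab lines and flags every absolute path in a command that is missing or replaceable by a non-root user. The function names, verdict words and the TRUSTED_UID variable are assumptions of this sketch, and it checks only the target and its immediate parent directory.

```shell
#!/bin/sh
# Added example, not from the original write-up: flag root cron commands
# that reference a path a non-root user could create or replace.
# Usage (as root): crontab -l -u root | audit_crontab
TRUSTED_UID=${TRUSTED_UID:-0}   # assumption: only uid 0 should own these paths

# is_loose PATH: true if PATH is group- or world-writable, or is not owned
# by TRUSTED_UID. A nonexistent PATH counts as not loose.
is_loose() {
    [ -n "$(find "$1" -prune \( -perm -0002 -o -perm -0020 \
            -o ! -user "$TRUSTED_UID" \) -print 2>/dev/null)" ]
}

# classify PATH: print one verdict word for an absolute path used by a job.
classify() {
    if [ ! -e "$1" ]; then
        # Missing target (the /opt/exec.sh case): whoever can write the
        # parent directory decides what the job will run.
        if is_loose "$(dirname "$1")"; then echo MISSING_HIJACKABLE
        else echo MISSING
        fi
    elif is_loose "$1" || is_loose "$(dirname "$1")"; then
        echo REPLACEABLE
    else
        echo OK
    fi
}

# audit_crontab: read crontab lines (5 time fields, then the command) on
# stdin and print "VERDICT path" for each absolute path in the command.
# Lines using @reboot-style shortcuts and quoted paths are not handled.
audit_crontab() {
    set -f                      # do not glob-expand words such as '*'
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' |
    while read -r _min _hour _dom _mon _dow cmd; do
        for word in $cmd; do
            case $word in
                /*) echo "$(classify "$word") $word" ;;
            esac
        done
    done
    set +f
}
```

Any MISSING_HIJACKABLE or REPLACEABLE line means the job should be removed, or its script and parent directory made root-owned and writable by root only.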

AKASH UPADHYAYA

Security Operations Engineer @Qualys Inc. Talks about #threathunting, #malwareanalysis, #incidentresponse, #penetrationtesting, and #securityoperationscenter