LIN.SECURITY: 1 — Walkthrough
Description
Description
Here at lin.security, they wanted to develop a Linux virtual machine that is based, at the time of writing, on an up-to-date Ubuntu distro (18.04 LTS), but suffers from a number of vulnerabilities that allow a user to escalate to root on the box. This has been designed to help understand how certain built-in applications and services if misconfigured, may be abused by an attacker.
They have configured the box to simulate real-world vulnerabilities (albeit on a single host) which will help you to perfect your local privilege escalation skills, techniques and toolsets. There are a number challenges which range from fairly easy to intermediate level and we’re excited to see the methods you use to solve them!
The image is just under 1.7 GB and can be downloaded using the link above. On opening the OVA file a VM named lin.security will be imported and configured with a NAT adapter, but this can be changed to bridged via the the preferences of your preferred virtualisation platform.
To get started you can log onto the host with the credentials: bob/secret
Point Of Intrusion (POI)
- User:bob, peter| Exploit: Sudo
- User:Any | Exploit: /etc/passwd (Hash)
- User:Any | Exploit: Cronjob (Exploiting Wildcard)
- User:Any | Exploit: Secret File (.secret in home dir)
- User:Susan | Exploit: SUID
- NFS (low privileged access) — Root squashing + SSH key
- User:peter | Exploit: Docker
- User:peter | Exploit: Systemd misconfig.