Tag

Linux

Guides, Linux, Privilege Escalation

Linux Privilege Escalation – Exploiting User-Defined Functions

Introduction

User-Defined Functions in MySQL are used to extend the functionality by adding external code that will work the same as inbuilt functions. Certain versions of MySQL are affected by vulnerabilities that could allow attackers with database root access to execute code in the context of the MySQL process, which is often root, and escalate privileges.

Read more
CTF Walkthroughs, TryHackMe

TryHackMe – Looking Glass Walkthrough

Introduction

This was an intermediate Linux machine that involved deciphering a password encrypted using the Vigenere cipher to gain initial access, exploiting a cron job to escalate to the tweedledum user, cracking user hashes to escalate to the humptydumpty user, accessing a private SSH key on the machine to escalate to the alice user and exploiting a misconfigured Sudo rule to escalate privileges to root.

Read more