Bash hero
MediumBash
Overview
Investigate this machine and locate any potential vulnerabilities to escalate your privileges, your task is to get root privileges and get the flag from the root folder
Flag format: FLAG{}
Lab Details
Prerequisites & Requirements
- Linux Privilege Model: Understanding how sudo permissions and the /etc/sudoers file can be leveraged to run scripts as a different user.
- Bash Syntax & Logic: Familiarity with conditional statements and regex matching in shell scripts.
- Linux File System Navigation: Ability to explore directories and identify non-standard scripts or binaries.
- Shell Expansion Techniques: Knowledge of how Bash interprets characters like braces {} and backticks ` to execute commands without standard spacing.
What will you learn?
- Restricted Shell Escapes: Learning how to "jailbreak" from a script that limits user input through blacklisted characters.
- Bypassing Input Filters: Using Brace Expansion and Command Substitution to circumvent filters that block spaces or specific alphanumeric characters.
- Sudoers Exploitation: Recognizing security risks when a script is granted NOPASSWD root privileges.
- Source Code Auditing: dentifying logical flaws in a script's sanitization function (e.g., blacklisting vs. whitelisting).
Tools
- None
Job Positions
Ethical Hacker
Tags
Bash ScriptingPrivilege EscalationPermissionsSuid