TryHackMe Linux: Local Enumeration Write-Ups
Hi, this is a write-up for the room Linux: Local Enumeration on the TryHackMe platform. The creator of this room is Swafox. Without further ado, let’s start!
Link to TryHackMe Linux: Local Enumeration room: https://tryhackme.com/room/lle
To start, go to the IP address provided by the TryHackMe platform on port 3000.
Copy the reverse shell string and change both the IP address and the port to your own machine's IP address and port.
Run a Netcat listener on the selected port.
nc -lnvp <port>
Run the reverse shell and we are in.
Unit 1-tty
We will learn how to upgrade to a proper, stable terminal so that we can run commands such as sudo and su.
For Perl, we can run:
perl -e 'exec "/bin/bash";'
which can be found online. I use GTFOBins.
Unit 1-ssh
We now learn how to use ssh to connect to a box and how to use ssh-keygen.
A user's id_rsa can usually be found at:
/home/user/.ssh/id_rsa
For this machine, after searching the .ssh directory, we could not find any id_rsa files. So, the answer is:
Nay
Unit 2-Basic Enumeration
In this unit, we learn about sudo -l, sudo -V and uname.
To print the machine hardware name only:
uname -m
The bash history can be found at:
~/.bash_history
For the flag, we can just use the cat command to print out the history.
Unit 3-/etc
In this part, we learn about /etc/passwd and /etc/shadow.
We can use cat /etc/passwd on the machine and we can see:
Unit 4-Find command and interesting files
This part teaches how to use the find command to find sensitive files on the machine.
To find the password, based on the hint given, we can use:
find / -type f -name "*.bak" 2>/dev/null
To find the flag in the .conf file, we can use: (I predicted the name to be flag.conf, so :D)
find / -type f -name flag.conf 2>/dev/null
Unit 4-SUID
This part teaches us about using the find command to find SUID binaries for privesc.
By using:
find / -perm -4000 2>/dev/null
we can find that the grep command has the SUID bit set and can be used.
To show /etc/shadow, we can use the command:
grep '' /etc/shadow
The command/payload that can be used to read /etc/shadow with grep can be found on GTFOBins.
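From the defender's side, the same find query can drive an audit that compares the SUID files on a host against a list of expected ones, so that a SUID grep like the one in this room stands out. This is an added example, not part of the original write-up or the room; the baseline list, the sample find output and the /bin/grep path are constructed for illustration.

```shell
#!/bin/sh
# Audit SUID files against a baseline of expected ones (added example).

# Constructed sample baseline; build a real one from a known-good install.
EXPECTED_SUID='/usr/bin/passwd
/usr/bin/su
/usr/bin/sudo
/usr/bin/mount
/usr/bin/umount'

# Read candidate paths on stdin and print those missing from the baseline.
flag_unexpected() {
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        # -F fixed string, -x whole-line match, -q quiet
        printf '%s\n' "$EXPECTED_SUID" | grep -Fxq -- "$path" \
            || printf 'UNEXPECTED SUID: %s\n' "$path"
    done
}

# Walk a tree (default /) for set-uid regular files without crossing into
# other filesystems, and report anything outside the baseline.
audit_suid() {
    find "${1:-/}" -xdev -type f -perm -4000 2>/dev/null | flag_unexpected
}

# Constructed sample of find output, including a SUID grep as in this room.
SAMPLE_FIND_OUTPUT='/usr/bin/passwd
/usr/bin/sudo
/bin/grep
/usr/bin/su'

# Demo on the constructed sample; on a real host run: audit_suid /
printf '%s\n' "$SAMPLE_FIND_OUTPUT" | flag_unexpected

# Remediation for a confirmed finding, run as root:
#   chmod u-s /bin/grep
```

Run it from cron or a configuration-management check and alert on any output; a text utility such as grep has no reason to carry the SUID bit.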
And we are done! Thank you for finishing my write-up.
This room helps beginners a lot in using the command line. I also learnt a lot while doing this room.
This is a great room for beginners provided on the TryHackMe platform.