Linux PrivEsc - TryHackMe

Learn basics of Linux Privilege Escalation

11 min readJul 12, 2020

This write-up is based on the Linux PrivEsc room from Try Hack Me. Please find this room here:- https://tryhackme.com/room/linuxprivesc

[Task 1] Deploy the Vulnerable Debian VM

Deploy the VM
SSH in to the VM using the credentials given and run the idcommand

[Task 2] Service Exploit

This task is to exploit the following vulnerability in MySql:-

CVE-2005-0711 : MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when…

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which…

www.cvedetails.com

The exploit is available here:-

Offensive Security's Exploit Database Archive

MySQL 4.x/5.0 (Linux) - User-Defined Function (UDF) Dynamic Library (2).. local exploit for Linux platform

www.exploit-db.com

The creator of the room has already made the exploit file - raptor_udf2.c on the VM at location:- /home/user/tools/mysql-udf . Run the following commands as asked: