Tardigrade - Writeup

alda69, published in System Weakness, Mar 2, 2023

This is my writeup for the new Tardigrade room on TryHackMe. The topic of this room is finding and removing the ways an attacker can gain and keep a foothold as root.

Task 1

First we have to gain access to the machine. We can do this simply by connecting over SSH.

ssh giorgio@10.10.XX.YY

Using the password “armani”, we get a shell as giorgio. Effectively we are root, because giorgio has root privileges.

To get the answer to the first question, we simply need to use one command:

lsb_release -d

And there it is.

Task 2

The interesting file is a hidden SUID file. To find it, we just have to add “-a” to the ls command. Then it is really easy to find the uncommon file.

The next question is a little bit more difficult. We have to look at a rather big file (/home/giorgio/.bashrc) and if you look at it, an interesting IP address catches the eye…

The answer is the whole line, except “alias”.

Then, scheduled tasks. What comes first to mind: crontabs. So I typed “crontab -e” and there is our solution.
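The three checks from this task (hidden SUID file, an alias in .bashrc that carries an IP address, active crontab entries) can be put into one small triage script. This is an added example, not part of the room or the original writeup; the function names, the fixture files, `example-helper`, `example-beacon` and the address 192.0.2.10 are constructed for illustration.

```shell
# Hidden regular files with the setuid bit, directly inside directory $1.
find_hidden_suid() {
    find "$1" -maxdepth 1 -type f -name '.*' -perm -4000 2>/dev/null
}

# alias lines in rc file $1 whose definition contains an IPv4 address.
find_ip_aliases() {
    [ -r "$1" ] || return 0
    grep -nE '^[[:space:]]*alias[[:space:]].*([0-9]{1,3}\.){3}[0-9]{1,3}' "$1" || true
}

# Active crontab entries from stdin: comments, blank lines and plain
# VAR=value environment assignments are dropped.
active_cron_entries() {
    grep -vE '^[[:space:]]*(#|$)' |
        grep -vE '^[[:space:]]*[A-Za-z_][A-Za-z0-9_]*[[:space:]]*=' || true
}

# Constructed fixture standing in for a home directory (all values made up;
# 192.0.2.10 is a documentation address). Prints the directory path.
make_sample_home() {
    d=$(mktemp -d)
    printf '#!/bin/sh\n' > "$d/.hidden_tool"
    chmod 4755 "$d/.hidden_tool"
    cat > "$d/.bashrc" <<'EOF'
# ~/.bashrc (constructed sample)
alias ll='ls -alF'
alias ls='(example-helper 192.0.2.10 &); ls --color=auto'
EOF
    cat > "$d/crontab.txt" <<'EOF'
# m h dom mon dow command
SHELL=/bin/sh

* * * * * /usr/bin/example-beacon 192.0.2.10
EOF
    echo "$d"
}

# $1 = home directory, $2 = file holding the output of "crontab -l".
audit_home() {
    echo "== hidden SUID files in $1"; find_hidden_suid "$1"
    echo "== aliases containing an IP"; find_ip_aliases "$1/.bashrc"
    echo "== active crontab entries";   active_cron_entries < "$2"
}

sample=$(make_sample_home)
audit_home "$sample" "$sample/crontab.txt"
rm -rf "$sample"
```

On a real machine, save the output of `crontab -l` to a file and pass it as the second argument together with the home directory to check.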

Task 3

Yes ummm. Just read through the task…

Task 4

To get access to the root account, we just have to type “sudo bash”. And since we can run every command as root, we got a shell.

And after a few seconds: there is the error.

And if we press enter…

…there is the next solution.

To answer the last question in this task, you have to know what happens when you log in as a user. In short: a specific file that every user has inside their home directory gets executed.

We already looked at giorgio's in Task 2…

Task 5

In this task we have to find a name. A name of something (or someone). So I looked inside the home directory, but there was no one except for giorgio. But then I remembered a file, where all users are noted: /etc/shadow

And there is actually another user. And with this the solution.

Task 6

In the last task, we should use this final mechanism to find the nugget. So I logged in as this user (sudo su THISUSER) and went to their home directory.

cd ~

I thought “.youfoundme” looked interesting. And I was right.

Congratulations, everything is solved!!
