This document provides a comprehensive write-up of the Lazy Admin room on TryHackMe, highlighting a methodical approach to penetration testing within a controlled environment. The challenge is tagged as easy and focuses on exploiting common vulnerabilities found in web applications and misconfigurations within Unix systems.
This post details a comprehensive walkthrough of identifying and exploiting vulnerabilities within the as 'easy' tagged Mustacchio room on TryHackMe. The objective is to systematically enumerate services, exploit found vulnerabilities for initial access, escalate privileges, and capture flags, providing a technical perspective on ethical hacking practices.
In 2022, I had the pleasure of conducting a workshop on Linux Privilege Escalation (LPE) at my workplace. The special thing about it? We’ve made all the materials available on GitHub so that anyone can conduct this workshop themselves!
Together with a colleague, we spent an exciting time delving deep into this complex and fascinating topic. The workshop lasted about 1.5 to 2 hours - a short but intense period where we immersed ourselves in the depths of Linux permissions, kernel exploits, and much more.