While working through TheCyberMentor’s Linux Privesc course, I learned something new and wanted to place this here so I can refer to it later. There’s a box on TryHackMe called ConvertMyVideo. This post does not intend to serve as a walk-through or write-up of that box, but rather is a using it as an example for some of the tips I’m going to place here.
Setting the Stage & Using the Tool
So we have a low-level shell on the box and we’ve done our basic enumeration to try to find a path to escalate privileges. Couldn’t locate anything, but we do see that there is a cron process running after executing the following command.
So we know that cron is being used, but we don’t see anything in the crontab. This is where a tool like ps.py comes in handy! It will monitor the system for any commands that get executed and present them to us.
Let’s go out to grab the tool from Github. Download the necessary binary and lets transfer it over to the target machine.
Once you have it, let’s make sure its executable and run it on the system.
chmod +x pspy64
Now we can look through the results, and we see that the following commands are being executed on a schedule.
From here, we’d be able to continue our enumeration of the box armed with knowledge of what commands are being executed on their own.