Linux PrivEsc

• Run the "id" command. What is the result?

uid=1000(user) gid=1000(user) groups=1000(user),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev)

• What is the root user's password hash?

$6$Tb/euwmK$OXA.dwMeOAcopwBl68boTG5zi65wIHsc84OWAIye5VITLLtVlaXvRDJXET..it8r.jbrlpfZeMdwD3B0fGxJI0

• What hashing algorithm was used to produce the root user's password hash?

sha512crypt

• What is the root user's password?

password123

• Run the "id" command as the newroot user. What is the result?

uid=0(root) gid=0(root) groups=0(root)

• How many programs is "user" allowed to run via sudo? 

11

• One program on the list doesn't have a shell escape sequence on GTFOBins. Which is it?

apache2

• What is the value of the PATH variable in /etc/crontab?

/home/user:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

• What is the full mysql command the user executed?

mysql -h somehost.local -uroot -ppassword123

• What file did you find the root user's credentials in?   

/etc/openvpn/auth.txt

• What is the name of the option that disables root squashing?

no_root_squash