TryHackMe - Practical Example of OS Security Writeup

In this task, we will try to hack into a Linux system.

You can find the task here

In this task on TryHackMe, the objective was to simulate a real-world scenario where we attempt to gain unauthorized access to a Linux system. We started by connecting to the target machine, identified by its IP address [TARGET_IP], using SSH. The login credentials were discovered from a sticky note found on a screen at the client's office—specifically, the username sammie and the password dragon.

The introduction to the room goes like this -

In one typical attack, the attacker seeks to gain access to a remote system. We can accomplish this attack by tricking the target into running a malicious file or by obtaining a username and a password. We will focus on the latter. After discovering a username, we will try to “guess” the password; furthermore, we will try to escalate our privileges to a system administrator. This account is called root on Android, Apple, and Linux systems. While, on MS Windows systems, this account is called administrator. The accounts root and administrator have complete unrestricted access to a system.

Task descriptions include -