Exploiting a Boot2Root Machine
By: Ralph Desmangles
What is a Boot2Root?
A Boot2Root is an intentionally vulnerable VM designed to teach security practitioners practical/hands-on skills.
Challenge difficulty ranges from easy to insane, and USUALLY no two boxes are the same (same exploits, different configurations).
Objectives of Boot2Root
Windows Machines
Common Methodology
The methodology to rooting these boxes can be broken down into the following four steps:
Scanning Phase
Port Scanning
Enumeration Phase
During the enumeration phase, the goal is to discover weaknesses/entry points into the target machine.
Exploitation Phase
Once you’ve enumerated all services, it’s time to exploit them. If you completed the previous step correctly, it should be clear what vulnerabilities lie within the target system.
Each box has a different exploit path, ranging from a simple one-click RCE to custom binary exploitation.
Privilege Escalation Phase
Once you’ve got your initial user shell, the next step is to escalate privileges to a root/administrator account.
During this phase you repeat the same process as before: scan the target machine and enumerate the scan results to find vulnerabilities that will allow you privileged access. These scans will reveal information such as:
Using the information above, the path to root should reveal itself.
Demo Time!
Resources / Tools Used
https://tryhackme.com/room/gamingserver
https://shenaniganslabs.io/2019/05/21/LXD-LPE.html
https://www.hackingarticles.in/lxd-privilege-escalation/
https://www.exploit-db.com/exploits/46978
https://0x00sec.org/t/my-hackthebox-ctf-methodology-from-fresh-box-to-root/13980
Tools: