This a is a video walk-through of TryHackMe's Eavesdropper. If you prefer a written walk-through, you can find it here: https://readysetexploit.gitlab.io/home/thm/eavesdropper/
Buy Me A Coffee :)
https://www.buymeacoffee.com/hadrian3689
Chapters:
0:00 Intro
1:20 SSH Access
2:20 Doing basic enumeration checks
3:30 Reviewing tools for this challenge
5:30 Running Pspy and finding a sudo command
7:00 Breaking down the sudo command process
8:05 Running LinPeas for later review
8:40 Reviewing how the Linux PATH works
10:30 Showing a basic PATH Hijack example
13:00 Explaining Sudo Hijacking
14:20 Creating a password capture sudo script
16:55 Script is set, changing PATH for sudo hijacking
18:50 Password captured and getting root
EXTRA
19:55 Reviewing LinPeas results
