June 3, 2026
Linux Privilege Escalation: Enumeration | TryHackMe
Gather information about the target host to understand the system for privilege escalation.
Ryca
1 min read
Learning Objectives
- Understand the purpose and importance of enumeration in Linux privilege escalation
- Identify key OS information using manual enumeration commands
- Find hidden files
- Enumerate users, groups, and permissions on a Linux system
- Enumerate basic network information
- Discover potential privilege escalation vectors through manual enumeration
Answer the questions below
- What is the hostname of the target host?
HINT: uname -a
linux-enumeration
- What is the Linux kernel version of the target host?
HINT: cat /proc/version
6.8.0–1017-aws
- What version of Ubuntu is running on the host?
HINT: cat /etc/os-release
Ubuntu 24.04.1 LTS
- What is the full path of the script run by root every 5 minutes?
HINT: cat /etc/crontab
/root/backup.sh
- What is the full version of AppArmor?
HINT: apt show apparmor 2>/dev/null | grep Version
4.0.1really4.0.1–0ubuntu0.24.04.3
- Print the environment variables. What is the value of LANG?
HINT: ECHO $LANG
C.UTF-8
- What is the flag in your history?
HINT: history
THM{history-is-not-safe}
- What is the full path of the command you are allowed to run with elevated privileges?
HINT: sudo -l
/usr/bin/nmap
- What is the username of the Mailing List Manager?
HINT: cat /etc/passwd | grep list
list
- What is the name of the network interface, other than loopback?
ens5
- What port, other than 22, is listening on the host?
HINT: ss -tln
53
- What are the contents of the secret file in your home folder?
HINT: ls -la
cat ~/.(path)
THM{not-so-hidden}
- Find a file that has TryHackMe in its name. What is its content?
HINT: find / -name "TryHackMe" 2>/dev/null
cat /path/.txt
THM{found-the-flag}