Enumeration & Exploitation Challenge 1 - Chrooted

Prompt

We managed to break into a Liber8tion server. Why they thought the password liber8 would be hard to guess is…well, anybody’s guess. Now it’s time to look for vulnerabilities on the server. Can you escalate your privileges to root?


Answers

Q1 (10 pts) - Look at the script inside your home directory. What is the name of the tool which this script invokes? (Format: either the name without the extension, or the full name; e.g., DRY = Don’t Repeat Yourself)
LinPEAS

Q2 (20 pts) - What is the version of the native system tool that the script detects as potentially vulnerable (NOT kernel exploits)? (Answer Format: X.X.X)
1.9.16

Q3 (20 pts) - What CVE(s) are associated with that version of the software (you only need to submit one; format CVE-YYYY-DDDDD)? The CVE(s) will be from 2025.
CVE-2025-32463

Q4 (50 pts) - Exploit the vulnerability; what is the value of the flag in /root/flag.txt?
SKY-PRIV-2332


Steps I Took

Q1 — The tool was in the name of the script

I ran the tool with /opt/linepeas.sh

Found Sudo version 1.9.16p2.

Searched for the CVE: https://github.com/pr0v3rbs/CVE-2025-32463_chwoot

Tried that, but it didn’t work. I still believed it was the correct approach. The GitHub page said to run sudo -R woot woot, and vulnerable systems should return No such file or directory, which is exactly what I saw.

After more testing, I got it to work. The issue turned out to be how I was pasting the exploit. I saved the exploit into a file in the terminal.

I ran the file, and it gave me root access.

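For the defensive side of the version finding in Q2 and Q3, here is an added example (not part of the original write-up or of LinPEAS) that classifies a sudo version string, patch suffix included, against CVE-2025-32463. The affected range of 1.9.14 through 1.9.17, with 1.9.17p1 as the fixed release, is an assumption taken from the upstream sudo advisory rather than from this page, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: audit a sudo version against the CVE-2025-32463 range.
# Assumption (upstream advisory, not this page): 1.9.14 through 1.9.17 are
# affected and 1.9.17p1 is fixed. Distro packages can backport the fix
# without changing the upstream version, so "vulnerable" means "check the
# package changelog", not "confirmed exploitable".

# Extract "1.9.16p2" from the first line of `sudo -V` output.
version_from_banner() {
    printf '%s\n' "$1" | sed -n '1s/^Sudo version \([^ ]*\).*$/\1/p'
}

# Turn MAJOR.MINOR.MICRO[pN] into one comparable integer; fail on other shapes.
sudo_version_key() {
    base=${1%%p*}; patch=0
    case "$1" in *p*) patch=${1#*p} ;; esac
    case "$base" in *.*.*.*) return 1 ;; *.*.*) ;; *) return 1 ;; esac
    major=${base%%.*}; rest=${base#*.}; minor=${rest%%.*}; micro=${rest#*.}
    for part in "$major" "$minor" "$micro" "$patch"; do
        case "$part" in ''|*[!0-9]*) return 1 ;; esac
    done
    echo $(( $major * 100000000 + $minor * 1000000 + $micro * 1000 + $patch ))
}

# Print one of: not-affected, vulnerable, fixed, unknown.
classify_sudo() {
    key=$(sudo_version_key "$1") || { echo unknown; return 0; }
    lo=$(sudo_version_key 1.9.14); hi=$(sudo_version_key 1.9.17)
    if [ "$key" -lt "$lo" ]; then echo not-affected
    elif [ "$key" -le "$hi" ]; then echo vulnerable
    else echo fixed
    fi
}

# Constructed sample banners; the first matches the version found on this box.
for banner in "Sudo version 1.9.16p2" "Sudo version 1.9.17p1" "Sudo version 1.8.31"; do
    v=$(version_from_banner "$banner")
    printf '%-10s %s\n' "$v" "$(classify_sudo "$v")"
done
```

On a real host, pass the first line of `sudo -V` to version_from_banner in place of the constructed banners.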