## https://sploitus.com/exploit?id=34445F04-B96E-556C-8D39-738BE8D7209B
# Boot2Root
> *A cybersecurity challenge focused on penetration testing, privilege escalation, and system enumeration.*
## ๐ Overview
**Boot2Root** is a security-oriented project that introduces the fundamentals of offensive cybersecurity through a vulnerable Linux server. The objective is to analyze, enumerate, and exploit the target machine in order to obtain **root privileges** using multiple independent attack paths.
Unlike traditional programming projects, Boot2Root emphasizes methodology, critical thinking, and understanding of operating systems, networking, and security mechanisms.
The challenge is performed on a provided virtual machine that must remain unmodified throughout the project.
---
## ๐ฏ Objectives
The main goals of this project are to:
* Perform network reconnaissance and service enumeration.
* Identify vulnerabilities and system misconfigurations.
* Exploit the target machine to gain an initial foothold.
* Escalate privileges until obtaining a root shell.
* Discover at least **two different exploitation paths** leading to root access.
* Document every step in detailed technical write-ups.
---
## ๐ ๏ธ Skills Developed
Throughout this project, the following areas are explored:
* Linux system administration
* Networking fundamentals
* Service enumeration
* Vulnerability assessment
* Privilege escalation
* Web security
* Authentication mechanisms
* Shell environments
* Technical documentation
* Penetration testing methodology
---
## ๐ Project Structure
The repository typically contains:
```text
.
โโโ writeup1
โโโ writeup2
โโโ scripts/
```
* **writeup1** โ Documentation for the first exploitation method.
* **writeup2** โ Documentation for the second exploitation method.
* **scripts/** โ Optional helper scripts used during the assessment (no binaries).
---
## ๐ Requirements
* Use the provided **64-bit virtual machine**.
* Do **not** modify the ISO image.
* Do **not** exploit the bootloader (GRUB) or alter the virtual disk offline.
* All attacks must target the **running server**.
* Brute-force attacks are prohibited.
* Every exploitation method must be fully understood and documented.
---
## ๐ Learning Outcomes
By completing this project, students gain practical experience with:
* Real-world penetration testing workflows
* Information gathering and reconnaissance
* Exploitation techniques
* Linux privilege escalation
* Security analysis
* Writing professional penetration testing reports
---
## Virtual Machine
```bash
wget https://cdn.intra.42.fr/isos/BornToSecHackMe-v1.1.iso
```
----
## Requierement
| software | description | cmd install |
|---|----|----|
| gobuster | tool for brute forcing directories on web servers |```sudo apt install gobuster```|
| nmap | network scanner |```sudo apt install nmap```|
---
## โ ๏ธ Disclaimer
This repository is intended for **educational purposes only**.
All techniques and tools should only be used in controlled environments or systems for which you have explicit authorization.
## REF
https://www.youtube.com/watch?v=LkcdN7hZOuM
https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.44-0ubuntu0.12.04.1