# LazyAdmin

## <mark style="color:purple;">LazyAdmin - TryHackMe</mark>

### <mark style="color:purple;">Overview</mark>

The **LazyAdmin** machine, available on [TryHackMe](https://tryhackme.com/r/room/lazyadmin), is a beginner-friendly challenge designed to test enumeration, exploitation, and privilege escalation skills in a controlled environment. It simulates a scenario often encountered in the real world, where misconfigurations and poor security practices expose critical vulnerabilities.

***

### <mark style="color:purple;">Key Objectives</mark>

1. **Enumeration:** Identify publicly accessible resources and gather sensitive information.
2. **Exploitation:** Leverage known vulnerabilities in outdated software to gain unauthorized access.
3. **Privilege Escalation:** Exploit insecure configurations to achieve root-level access.

***

### <mark style="color:purple;">Skills Demonstrated</mark>

* Identifying and exploiting misconfigured directories and files.
* Analyzing database backups to extract sensitive credentials.
* Using tools such as `nmap`, `dirbuster`, and `netcat` for reconnaissance and exploitation.
* Executing attacks such as cross-site request forgery (CSRF) and remote code execution (RCE).
* Elevating privileges by exploiting insecure sudo configurations.

***

### <mark style="color:purple;">Relevance</mark>

This machine serves as an excellent showcase of practical cybersecurity skills, emphasizing the importance of secure configurations and regular patching. The techniques employed in this challenge highlight common vulnerabilities and how they can be exploited by attackers, offering valuable insights into proactive risk management and mitigation.
