Lessons Learned

Details of Linpeas Output

Since the linpeas.sh is a very powerful script, it provides a lot of output that is hard for humans to process them. Therefore I tends to only read the outputs that are highlighted in red, but even doing so still takes a lot of time to read through the results. That is why I missed the processes section of the output. I think that this is kind of a stupid mistake and this should not happen again.

X Windows Authorization

From the process details, it seems to be using a .Xauthority method for authentication. The author of the writeup provided a link to the wiki page (https://en.wikipedia.org/wiki/X_Window_authorization#Cookie-based_access). The page suggests that there is a cookie-based access options for X window authorization. This means that the "secret" file is the cookie for connecting to the VNC process that is running as root.