EH-Net

Ethical Hacking Discussions and Related Certifications => OSCP - Offensive Security Certified Professional => Topic started by: blackzero on September 13, 2012, 02:53:41 AM



Title: Restarting my OSCP journey
Post by: blackzero on September 13, 2012, 02:53:41 AM
I registered for PWB last October. After the initial excitement, the terror of covering all the prerequisites started. So like almost everyone else I bought books. A lot of books. I learned Python and web app development (Udacity), I learned C and socket programming, Linux ASM, various tutorials on SecurityTube, Exploit-exercises.com etc.

Now I am back and I want my OSCP. But before I sign up for the labs again there is one "little" topic which I need to cover: priv escalation! There are tons of resources about exploitation but I can't for the life of me find tutorials or books for priv esc. I would really appreciate some pointers regarding that. Hopefully that should minimize the pain in the labs this time around.

Cheers!


Title: Re: Restarting my OSCP journey
Post by: m0wgli on September 13, 2012, 03:01:17 AM
g0tmi1k's blog has a good cheat sheet of commands for Basic Linux Privilege Escalation:

http://g0tmi1k.blogspot.co.uk/2011/08/basic-linux-privilege-escalation.html

There was also a recent tutorial on here by Jamie.R called Basic Priv Esculation for newbi:

http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,9169.0/





Title: Re: Restarting my OSCP journey
Post by: shadowzero on September 13, 2012, 06:08:42 AM
Best way to practice privilege escalation is to do it. Get a hold of vulnerable virtual machines like Kioptrix and De-ICE and root them. The PWB labs are also a great place to practice privilege escalation. The labs are for you to learn and make mistakes, so take advantage of that.


Title: Re: Restarting my OSCP journey
Post by: cd1zz on September 13, 2012, 09:20:52 AM
The key to this is knowing what the different local priv exploits are for all the different kernels. After you know which ones there are, it's really just a matter of figuring out if the box you're on is the same kernel and/or has the vulnerable software installed on the box.

Start on exploit-db to get an idea. However, there are some that are not in exploit-db. A typical "<insert kernel version> exploit" google search will do....



Title: Re: Restarting my OSCP journey
Post by: H1t M0nk3y on September 13, 2012, 09:42:52 AM
You may want to read this thread too (I originally made a typo in the title, "eXcalation" as opposed to "eScalation"):

http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,5966.0/

MaXe and Sil, amongst others, made long and useful comments...


Title: Re: Restarting my OSCP journey
Post by: sh4d0wmanPP on September 13, 2012, 09:07:30 PM
Here are some links for Windows that I bookmarked:

http://travisaltman.com/windows-privilege-escalation-via-weak-service-permissions/

http://pentestmonkey.net/tools/windows-privesc-check

http://www.netspi.com/blog/2009/10/05/windows-privilege-escalation-part-1-local-administrator-privileges/

I did not try any of them yet as I currently focus on Linux. If you play the IO challenges on smashthestack.org then level4 is good to practise. It teaches you to abuse SETUID/SETGID programs.

Basically you search for any program running with SETUID and see if there is a vulnerability in it. Then you exploit it and you gain the elevated rights.
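The defender-side counterpart to the setuid search described above, added here as an example and not taken from the thread: an audit that lists every setuid/setgid file under a root directory and reports the ones missing from a known-good baseline. The baseline paths are constructed placeholders, not a reference list for any distribution.

```shell
#!/bin/sh
# Audit setuid/setgid files and flag those not on a known-good baseline.
# Run against "/" on a live host, or against a mounted image directory.

# Constructed baseline of paths expected to carry setuid/setgid bits.
# Replace with the list appropriate for the system being audited.
BASELINE="/usr/bin/passwd
/usr/bin/sudo
/usr/bin/su"

# list_privileged_files ROOT
# Prints every regular file under ROOT with the setuid (4000) or setgid
# (2000) bit set, one absolute path per line, sorted. -xdev stays on one
# filesystem so pseudo-filesystems like /proc are not walked.
list_privileged_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# unexpected_privileged_files ROOT
# Prints the privileged files under ROOT whose path (relative to ROOT) is
# not on the baseline. A non-empty result is what an administrator should
# investigate: a setuid binary nobody installed on purpose is a finding.
unexpected_privileged_files() {
    root="${1%/}"   # "/" becomes "", so paths stay absolute on a live host
    list_privileged_files "$1" | while IFS= read -r path; do
        rel="${path#"$root"}"
        # Exact, whole-line match so /usr/bin/su does not cover /usr/bin/sudo.
        if ! printf '%s\n' "$BASELINE" | grep -Fxq -- "$rel"; then
            printf '%s\n' "$rel"
        fi
    done
}

# Usage: audit the live system (read access to the tree is sufficient).
# unexpected_privileged_files /
```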