Welcome. Well I think your goals are quite unrealistic, especially when you're trying to accomplish them over the weekend. You say you have no experience with Linux, so how can you expect to find exploits so fast unless you know what you're doing. I would suggest you read some books about Linux, learn to work with the Linux terminal and experiment with the commands. Also try to pick up information about bash scripting and Perl.

ZF

ZeroFlaw and chrisj,

appreciate the replies...thanks for the postings!

i will look into the Hacking for Dummies material, didnt realize it was available.
so you know, i did buy the nmap and snort books already.
but there not geared towards local exploits, or root priv escalation which is my current objective.

but also, would you know where i can get assistance for those i have listed?
something more proactive, where communication (or perhaps hand holding) is available?
some place where i can obtain interactive, tell me what the heck to do assistance?

i am not oppose to paying for help, its just learning and not harmful or illegal actions i am pursuing, as i presume most intentions are on this site.

books are limited, they say what SHOULD happen, but when that doesnt, its those periods i need the extra push (and not off a cliff either) LOL

well, to elaborate;

as mentioned, while certainly not new to computers/windows, linux is indeed new.
i've worked with /etc/shadow and /etc/passwd files already in earlier labs.
i am familiar with jtr, cain n abel, etc.
taking hashes and running them to jtr, i have 3-4 passwords already.

i have already, successfully completed other parts of my labs, using Priviledge Exploits (but they worked and were without incident-on CentOS, different kernel - worked like a charm).

however, i can also correlate parts of windows to linux, in that CLI/Terminal similarities exist.

on my lab, i DO HAVE TERMINAL access, except to those important directories/files limited by permissions, hence the Privilege Escalation help i need.

yes, i know brutessh "can" take a long time;
 however, when you know users/passwords on a system (i know 2-3 accounts and their passwords, as i can login via the OS Gui just fine), when i manually enter the passwords into password dictionary text files, use the app, point to that dictionary and things just dont work as expected, thats what i am trying to overcome.

why when i issue ./brutessh.py does it begin properly, go thru the list and literally just PASS UP the actual password i know it really is - why doesnt it stop and tell me, hey, heres the password like i believe/understand it suppose to.

in this example, when i manually SSH to the box, it immediately prompts for accepting the encryption key for the SSH session.

i dont think these BF SSH apps are seeing that, nor accepting it, either etc.

on the code issues...
i have what i feel is the code mentioned earlier...like an do_brk.c, ptrace_attach.c files and others.

but, when attempting compilations, i get numerous problems/errors.
0 memory not available
include missing
etc.

its these types of obstacles i need further direction on.

determining why exactly the SSH is failing and how to overcome it
i.e. is there somwhere in the app that i should be telling it
if prompted for a key, say yes!

determining why the 0 memory msg/etc. shows, how to overcome/resolve
is my compling method wrong, is something missing, is the code not working, is the OS patched against it, etc, etc, etc.


this is where i am heading....seeking more direct, hand holding input/guidance.

well...guess i better start my day finally....

thanks again and good luck to you both!

Since we're playing under the idea that this is all ethical training (group of friends playing capture the box or something on a private lab)

if you want to pay for a class, while not exactly hand holding, the first one that comes to mind is PWB / OSCP.

It'll be a lot thrown at you and take longer than the time you have.

if you have other user accounts already... Look into sudo.

Last week I was working with JTR and kept getting failures. I spent a couple of hours looking into why.  It didn't work the way the book said, but I learned a lot out side of the book trying to figure out why it wasn't working.

ok, havent left yet =)

doing so now, but i was able to run it and copy/paste my results for evaluation. below are summary samples of problems, but i will attach full .TXT file for review.

can you tell what, if anything, i am doing wrong???
or, can you point me to where i might get the help to get these up/working?

i sure as heck cannot figure it out =(

well, thanks though!

================

root@bt:/usr/include# ls | grep crash
crash.c

root@bt:/usr/include# ls | grep do_
do_brk.c

root@bt:/usr/include# ls | grep krn
krnl.l.c

root@bt:/usr/include# ls | grep ptra
ptrace_attach.c


*************************************************************************
PROBLEM 1
root@bt:/usr/include# gcc -o crash crash.c
crash.c: In function 'Handler':
crash.c:8: error: memory input 0 is not directly addressable
crash.c:10: error: memory input 0 is not directly addressable
*************************************************************************

*************************************************************************
PROBLEM 2
root@bt:/usr/include# gcc -o do_brk do_brk.c
do_brk.c:1: error: expected identifier or '(' before '/' token
In file included from /usr/include/stdio.h:75,
                 from do_brk.c:3:
/usr/include/libio.h:332: error: expected specifier-qualifier-list before 'size_t'
/usr/include/libio.h:364: error: expected declaration specifiers or '...' before 'size_t'
/usr/include/libio.h:373: error: expected declaration specifiers or '...' before 'size_t'
*************************************************************************

*************************************************************************
PROBLEM 3
root@bt:/usr/include# gcc -o krnl krnl.l.c
krnl.l.c: In function 'TakeDown':
krnl.l.c:54: error: memory input 0 is not directly addressable
*************************************************************************

*************************************************************************
PROBLEM 4
root@bt:/usr/include# gcc -o ptrace ptrace_attach.c
ptrace_attach.c:2: error: expected identifier or '(' before '--' token
ptrace_attach.c:8:24: error: linux/user.h: No such file or directory
ptrace_attach.c: In function 'main':
ptrace_attach.c:25: error: storage size of 'regs' isn't known
*************************************************************************

root@bt:/usr/include#

Those are error messages. the In Function tells you what part of the code, the ones with numbers are the line numbers to look at.

As to why it works on CentOS but not the older Redhat, may have to deal with what libraries and other packages are installed on each box.