HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 79 guests online
 
Free Business and Tech Magazines and eBooks

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow Privilege Escalation
EH-Net
May 22, 2013, 09:14:25 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Privilege Escalation  (Read 2654 times)
0 Members and 1 Guest are viewing this topic.
!TSS3cur3
Newbie
*
Offline Offline

Posts: 3


View Profile
« on: June 13, 2012, 12:49:01 AM »
Hi Everyone,

Hope everyone is doing fine. I have a testing Linux box and I have an unprivileged user account (apache) and need to get root access. I tried every root exploit available and nothing works.

What's the best method of getting higher privileges.

Regards
Logged
UNIX
Hero Member
*****
Offline Offline

Posts: 1235


View Profile
« Reply #1 on: June 13, 2012, 02:55:09 AM »
Some generic advice:

Quote
Just downloading and running exploits won't do any good, you need to do a proper enumeration of your targets.

Some things to look for:

  • Check which OS in which version is running on which kernel version
  • Check the environment variables
  • Check running services, their version and under which user they are running
  • Check if any 3rd party applications are installed/running
  • Check config files, scripts, databases, logs etc. and look for credentials, misconfigurations etc.
  • Check if any jobs are scheduled
  • Check if you can sniff any further network traffic
  • ...
Logged
!TSS3cur3
Newbie
*
Offline Offline

Posts: 3


View Profile
« Reply #2 on: June 13, 2012, 08:43:27 AM »
Hi aweSEC,

I did check the OS, env, running services etc. But the problem is I'm checking all the stuff as a unprivileged user. Can't modify or change anything.

Just need someone to guide me a bit in the whole escalation process. What would one typically do if one has got an unprivileged shell.

Regards
Logged
ziggy_567
Sr. Member
****
Offline Offline

Posts: 361


View Profile
« Reply #3 on: June 13, 2012, 09:14:12 AM »
I think what aweSEC might be trying to tell you is that its more common to find a misconfiguration that leads to privilege escalation than a local privilege escalation exploit from a site like exploit-db.com.
Logged
--
Ziggy


eCPPT - GSEC - GCIH - GCUX - RHCE - SCSecA - Security+ - Network+
!TSS3cur3
Newbie
*
Offline Offline

Posts: 3


View Profile
« Reply #4 on: June 14, 2012, 12:12:54 AM »
Hi Ziggy_567,

Jip, I understand 100% now. Thanks for the prompt responses.

Kind Regards
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.053 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Free Business and Tech Magazines and eBooks

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.