Author Topic: Restarting my OSCP journey  (Read 3295 times)
blackzero
« on: September 13, 2012, 02:53:41 AM »

I registered for PWB last October. After the initial excitement, the terror of covering all the pre-requisites started. So like almost everyone else I bought books. A lot of books. I learned Python and web app development (Udacity), I learned C and socket programming, Linux ASM, various tuts on SecurityTube, Exploit-exercise.com, etc.

Now I am back and I want my OSCP. But before I sign up for the labs again there is one "little" topic which I need to cover. Priv escalation! There are tons of resources about exploitation, but I can't for the life of me find tutorials or books for priv esc. I would really appreciate some pointers regarding that. Hopefully that should minimize the pain in the labs this time around.

Cheers!
 
m0wgli
« Reply #1 on: September 13, 2012, 03:01:17 AM »

g0tmi1k's blog has a good cheat sheet of commands for Basic Linux Privilege Escalation:

http://g0tmi1k.blogspot.co.uk/2011/08/basic-linux-privilege-escalation.html

There was also a recent tutorial on here by Jamie.R called Basic Priv Esculation for newbi:

http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,9169.0/



« Last Edit: September 13, 2012, 03:05:35 AM by m0wgli »

Security + | OSWP | eCPPT | CSTA
shadowzero
It's a UNIX system, I know this!


« Reply #2 on: September 13, 2012, 06:08:42 AM »

Best way to practice privilege escalation is to do it. Get a hold of vulnerable virtual machines like Kioptrix and De-ICE and root them. The PWB labs are also a great place to practice privilege escalation. The labs are for you to learn and make mistakes, so take advantage of that.
cd1zz
« Reply #3 on: September 13, 2012, 09:20:52 AM »

The key to this is knowing what the different local priv exploits are for all the different kernels. After you know which ones there are, it's really just a matter of figuring out if the box you're on is the same kernel and/or has the vulnerable software installed on the box.

Start on exploit-db to get an idea. However, there are some that are not in exploit-db. A typical "<insert kernel version> exploit" google search will do....


H1t M0nk3y
« Reply #4 on: September 13, 2012, 09:42:52 AM »

You may want to read this thread too (I originally made a typo in the title "eXcalation" as opposed to "eScalation").

http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,5966.0/

MaXe and Sil, amongst others, made long and useful comments...

OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
sh4d0wmanPP
« Reply #5 on: September 13, 2012, 09:07:30 PM »

Here are some links for Windows that I bookmarked for Windows:

http://travisaltman.com/windows-privilege-escalation-via-weak-service-permissions/

http://pentestmonkey.net/tools/windows-privesc-check

http://www.netspi.com/blog/2009/10/05/windows-privilege-escalation-part-1-local-administrator-privileges/

I did not try any of them yet as I currently focus on Linux. If you play the IO challenges on smashthestack.org then level4 is good to practise. It teaches you to abuse SETUID/SETGID programs.

Basically you search for any program running with SETUID and see if there is a vulnerability in it. Then you exploit it and you gain the elevated rights.

EXIN ISO/IEC 27002: ISF & ISMAS, ITIL Foundation, Comptia Security+, CCNA, CCNA Security, Wip: OSWP
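
The SETUID point in the last post, seen from the hardening side: an added example (not from any poster in this thread) that inventories setuid/setgid files under a directory and reports those missing from an approved baseline or writable by group/other. The baseline paths and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

SETID = stat.S_ISUID | stat.S_ISGID

def find_setid_files(root):
    """Map path -> lstat result for regular files with setuid or setgid set."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # vanished or unreadable; skip
            if stat.S_ISREG(st.st_mode) and st.st_mode & SETID:
                found[path] = st
    return found

def audit(root, baseline):
    """Return (relative path, mode string, reasons) for each setid file needing review."""
    findings = []
    for path, st in sorted(find_setid_files(root).items()):
        rel = os.path.relpath(path, root)
        reasons = []
        if rel not in baseline:
            reasons.append("not in baseline")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            reasons.append("writable by group/other")
        if reasons:
            findings.append((rel, stat.filemode(st.st_mode), reasons))
    return findings

def demo():
    """Build a constructed sample tree and audit it against a constructed baseline."""
    sample = {"bin/passwd": 0o4755, "bin/ls": 0o755,
              "opt/helper": 0o4775, "opt/backup": 0o4755}
    baseline = {"bin/passwd", "opt/helper"}
    with tempfile.TemporaryDirectory() as root:
        for rel, mode in sample.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("#!/bin/sh\n")
            os.chmod(path, mode)  # set mode after writing; writes clear setuid
        return audit(root, baseline)

if __name__ == "__main__":
    for rel, mode, reasons in demo():
        print(f"{mode} {rel}: {', '.join(reasons)}")
```

On a real host, `audit("/", baseline)` would be run as root with a baseline recorded from a known-good install, so that new or loosened setuid files stand out between runs.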