Home
Calendar
Certifications
Columns
Features
Forum
Resources
Vitals
Latest Additions
April 2013 Free Giveaway Sponsor - eLearnSecurity
Human Intelligence to Navigate the Security Data Deluge
February 2013 Free Giveaway Winner of SANS CyberCon Training
Interview: Bugcrowd Founders on Herding Ninjas for Crowdsourced Bug Bounties
Network Forensics: The Tree in the Forest
March 2013 Free Giveaway Sponsor - Mile2
Book Review: Violent Python
February 2013 Free Giveaway Sponsor - SANS
Holiday 2012 Free Giveaway Winner of Metasploit Pro by Rapid7
Course Review: SANS FOR408 Computer Forensic Investigations – Windows In-Depth
The Security Consulting Sugar High
Tutorial: Fun with SMB on the Command Line
Interview: Ilia Kolochenko, CEO of High-Tech Bridge
October 2012 Free Giveaway Winner of LearningGate Training
The Broken: Assessing Corporate Security in 2012 to Make a Better 2013
EH-Net Login
Welcome Guest.
Username:
Password:
Remember me
Lost Password?
No account yet?
Register
Who's Online
We have 34 guests and 1 member online
You are here:
Home
Ethical Hacking Discussions and Related Certifications
Network Pen Testing
OSCP - Offensive Security Certified Professional
Restarting my OSCP journey
EH-Net
May 19, 2013, 02:30:05 PM
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
News
: Go back to The Ethical Hacker Network Online Magazine
Home Page
Home
Help
Calendar
Login
Register
EH-Net
>
Ethical Hacking Discussions and Related Certifications
>
Network Pen Testing
>
OSCP - Offensive Security Certified Professional
(Moderator:
don
) >
Restarting my OSCP journey
Pages: [
1
]
Go Down
« previous
next »
Print
Author
Topic: Restarting my OSCP journey (Read 3266 times)
0 Members and 1 Guest are viewing this topic.
blackzero
Newbie
Offline
Posts: 8
Restarting my OSCP journey
«
on:
September 13, 2012, 02:53:41 AM »
I registered for PWB last October, after initial excitement, the terror of covering all pre-requisite started. So like almost everyone else I bought books. a lot of books. I learned python and web app development (udacity), I learned C and socket programming, Linux ASM, various tuts on security tube, Exploit-exercise.com etc
Now I am back and I want my OSCP. But before I sign up for the labs again there is one "little" topic which I need to cover. Priv escalation! There are tons of resources abt exploitation but I can't for the life of me, find tutorial or books for priv esc. I would really appreciate some pointers regarding that. Hopefully that should minimize the pain in the labs this time around.
Cheers!
Logged
m0wgli
Full Member
Offline
Posts: 247
Re: Restarting my OSCP journey
«
Reply #1 on:
September 13, 2012, 03:01:17 AM »
g0tmi1k's blog has a good cheat sheet of commands for Basic Linux Privilege Escalation:
http://g0tmi1k.blogspot.co.uk/2011/08/basic-linux-privilege-escalation.html
There was also a recent tutorial on here by Jamie.R called Basic Priv Esculation for newbi:
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,9169.0/
«
Last Edit: September 13, 2012, 03:05:35 AM by m0wgli
»
Logged
Security + | OSWP | eCPPT | CSTA
shadowzero
Full Member
Offline
Posts: 120
It's a UNIX system, I know this!
Re: Restarting my OSCP journey
«
Reply #2 on:
September 13, 2012, 06:08:42 AM »
Best way to practice privilege escalation is to do it. Get a hold of vulnerable virtual machines like Kioptrix and De-ICE and root them. The PWB labs are also a great place to practice privilege escalation. The labs are for you to learn and make mistakes, so take advantage of that.
Logged
cd1zz
Hero Member
Offline
Posts: 561
Re: Restarting my OSCP journey
«
Reply #3 on:
September 13, 2012, 09:20:52 AM »
The key to this is knowing what the different local priv exploits are for all the different kernels. After you know which ones there are its really just a matter of figuring out if the box your on is the same kernel and/or has the vulnerable software installed on the box.
Start on exploit-db to get an idea. However, there are some that are not in exploit-db. A typical "<insert kernel version> exploit" google search will do....
Logged
OSCE | OSCP | GXPN | OSWP | CISSP
http://www.pwnag3.com
http://www.networkadminsecrets.com
H1t M0nk3y
Hero Member
Offline
Posts: 864
Re: Restarting my OSCP journey
«
Reply #4 on:
September 13, 2012, 09:42:52 AM »
You may want to read this thread too (I originally made a typo in the title "e
X
calation" as oppose to "e
S
calation")
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,5966.0/
MaXe and Sil, amongst others, made long and useful comments...
Logged
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
sh4d0wmanPP
Newbie
Offline
Posts: 42
Re: Restarting my OSCP journey
«
Reply #5 on:
September 13, 2012, 09:07:30 PM »
Here are some links for Windows that I bookmarked for Windows:
http://travisaltman.com/windows-privilege-escalation-via-weak-service-permissions/
http://pentestmonkey.net/tools/windows-privesc-check
http://www.netspi.com/blog/2009/10/05/windows-privilege-escalation-part-1-local-administrator-privileges/
I did not try any of them yet as I currently focus on Linux. If you play the IO challanges on smashthestack.org then level4 is good to practise. It teaches you to abuse SETUID/SETGUID programs.
Basically you search for any program running with SETUID and see if there is a vulnerability in it. Then you exploit it and you gain the elevated rights.
Logged
EXIN ISO/IEC 27002: ISF & ISMAS, ITIL Foundation, Comptia Security+, CCNA, CCNA Security, Wip: OSWP
Pages: [
1
]
Go Up
Print
« previous
next »
Jump to:
Please select a destination:
-----------------------------
EH-Net
-----------------------------
=> Calendar Of Events
===> ChicagoCon 2007
===> ChicagoCon 2008s
===> ChicagoCon 2008f
===> ChicagoCon 2009s
=> Ethical Hacktivism
=> News Items and General Discussion About EH-Net
===> Greetings
=> Special Events
-----------------------------
Ethical Hacking Discussions and Related Certifications
-----------------------------
=> General Certification
===> Networking
===> OS
===> Security
=> Compliance, Regulations & Standards
=> Control Systems
=> Cyber Warfare
=> Forensics
===> CCE / MCCE - (Master) Certified Computer Examiner
===> CHFI - Computer Hacking Forensic Investigator
===> EnCE - EnCase® Certified Examiner
===> GCFA - GIAC Certified Forensics Analyst
=> Hardware
=> Incident Response
===> CSIH - Computer Security Incident Handler
===> GCIH - GIAC Certified Incident Handler
=> Malware
===> Advisories
=> Mobile
=> Network Pen Testing
===> CEH - Certified Ethical Hacker
===> CPTC - Certified Penetration Testing Consultant
===> CPTE - Certified Penetration Testing Engineer
===> CSTA - Certified Security Testing Associate
===> eCPPT - eLearnSecurity Certified Professional Penetration Tester
===> ECSA - EC-Council Certified Security Analyst
===> GPEN - GIAC Certified Penetration Tester
===> OSCP - Offensive Security Certified Professional
=> Physical Security
=> Programming
=> Social Engineering
=> Web Applications
=> Wireless
===> CWNP Certs
===> GAWN - GIAC Assessing Wireless Networks
===> OSWP - Offensive Security Wireless Professional
=> Other
-----------------------------
Columns
-----------------------------
=> Editor-In-Chief
=> Andress
=> Gates
=> Haddix
=> Hadnagy
=> Heffner
=> Hoffman
=> Linn
=> RichM
=> Murray
=> J. Peltier
=> Weidman
=> Wilson
-----------------------------
Features
-----------------------------
=> /root
=> Book Reviews
=> Opinions
=> Skillz
===> Examples
===> May 06 - Star Hacks, Episode V: The Empire Hacks Back
===> July 06 - Hack Bill!
===> Sept 06 - Netcat in the Hat
===> Nov 06 - Hitch-Hackers Guide to the Galaxy
===> Dec 06 - A Christmas (Hacking) Story
===> Feb 07 - Charlottes Web Site
===> April 07 - Microsoft Office Space
===> June 07 - Serenity Hack
===> Oct 07 - Worst. Ethical. Hacker. Challenge. Ever.
===> Dec 07 - Frosty the Snow Crash
===> March 2008 - It Happened One Friday
===> Oct 2008 - Scooby Doo and the Crypto Caper
===> Dec 08 - Santa Claus Is Hacking to Town
===> Feb 2009 - Brady Bunch Boondoggle
===> July 2009 - Prison Break
===> October 2009 - SSHliders
===> December 2009 - Miracle on Thirty-Hack Street
===> December 2010 - The Nightmare Before Charlie Browns Christmas
-----------------------------
Resources
-----------------------------
=> Career Central
===> Looking For Work
===> Looking To Hire
=> Links to cool sites.
=> Mass Media
=> News from the Outside World
=> Tools
=> Tutorials
===> Tutorial Requests
Loading...
Exclusive Deal
SANSFIRE 2013
June 15 - 22
5% Off
w/ Code
:
EHN_5
SANS Deals 4 EH-Netters
5% OFF
Any
SANS Course
in Any Format!
Coupon Code:
EHN_5
Including
SANS Rocky Mountain 2013
&
SANS Boston 2013
Polls
Compared to this year, 2013 will be:
Great!
Better.
About the same.
Little worse.
FUBAR!
Recent Forum Topics
Incident Response
: LinkedIn Forensics
(0) by
AFENTIS_Forensics
General Certification
: Red Team/Blue Team
(1) by
ajohnson
OSCP - Offensive Security Certified Professional
: Class Scheduled 6/8 - Linux n00b
(6) by
Grendel
Career Central
: Starter cert?
(3) by
Grendel
Network Pen Testing
: Beginner Ethical Hacker
(1) by
m0wgli
General Certification
: CPT Practical Submission
(0) by
z28power4u
Web Applications
: Nessus and Nikto
(4) by
Seen
Tutorials
: Need guidance
(7) by
impelse
Malware
: EICAR?
(2) by
SephStorm
Network Pen Testing
: Cracking salted MD5 hash
(4) by
n37sh@rk
CEH - Certified Ethical Hacker
: Passed my C|EH
(3) by
n37sh@rk
Mass Media
: EC-council hacked, irony at his best?
(0) by
j0rDy
Web Applications
: SQL Injection into an INSERT statement.
(6) by
eyenit0
Network Pen Testing
: Solution for sipXtapi INVITE Message CSeq Field Header Remote Overflow
(1) by
m0wgli
Web Applications
: dns
(2) by
H1t M0nk3y
Other
: BSides Boston
(0) by
3xban
Career Central
: InfoSec in Central, FL
(2) by
tturner
Web Applications
: Web vulnerability scanner
(4) by
H1t M0nk3y
EH-Net News Feeds
Latest Additions
Privacy Notice
for TDCC & All Properties
© 2013 The Ethical Hacker Network
Joomla!
is Free Software released under the GNU/GPL License.
Incident Response : LinkedIn Forensics
