.

Introduction and question

<<

zpwr

User avatar

Newbie
Newbie

Posts: 1

Joined: Wed Oct 02, 2013 7:21 pm

Post Wed Oct 02, 2013 7:28 pm

Introduction and question

Hello EH community,

I'm Daniel, i'm currently studying Computer Security in Ontario.

Theres a million different threads on the forums, and I didn't know where to post so I decided to post here.

Just a quick question, for my Penetration Testing course, I need to exploit some vulnerabilities using whatever means I want on a vulnerable machine of my own. I want exploit a FTP server. With the anonymous access enabled, and I have a successful login, how would I get root prompt access (considering its a linux machine) from the ftp login?

Let me know your ideas/thoughts.
I apologize if I posted in the wrong area.

Daniel
<<

UKSecurityGuy

User avatar

Jr. Member
Jr. Member

Posts: 88

Joined: Wed Mar 27, 2013 10:51 am

Post Mon Oct 07, 2013 4:56 am

Re: Introduction and question

Hi Daniel, welcome to the forums.

Your question makes me a little nervous, it comes across as a "I've found this machine on the internet with anonymous FTP access enabled and I want to hack it", rather than a learning experience, but I'll give you the benefit of the doubt.

Assuming this a course, and if it's anonymous FTP acess to root, I'd guess the host has been purposely made insecure. In which case I'd look into:

1. If SSH is also enabled and if the FTP allows full filesystem browsing, look into shadow/passwd files for a account you can easily crack, and then SSH into the machine, and then priv escalate yourself to root with sudo or su

2. If the machine is running a webserver and you can upload data into it via FTP, I'd upload a webshell and use that to gain shell access. Then sudo, su or local priv exploit yourself to root.

Hopefully that will give you enough of a starter to help out.

Return to Greetings

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software