.

Privilege Escalation

<<

!TSS3cur3

Newbie
Newbie

Posts: 3

Joined: Wed Jun 13, 2012 12:44 am

Post Wed Jun 13, 2012 12:49 am

Privilege Escalation

Hi Everyone,

Hope everyone is doing fine. I have a testing Linux box and I have an unprivileged user account (apache) and need to get root access. I tried every root exploit available and nothing works.

What's the best method of getting higher privileges.

Regards
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Wed Jun 13, 2012 2:55 am

Re: Privilege Escalation

Some generic advice:

Just downloading and running exploits won't do any good, you need to do a proper enumeration of your targets.

Some things to look for:

  • Check which OS in which version is running on which kernel version
  • Check the environment variables
  • Check running services, their version and under which user they are running
  • Check if any 3rd party applications are installed/running
  • Check config files, scripts, databases, logs etc. and look for credentials, misconfigurations etc.
  • Check if any jobs are scheduled
  • Check if you can sniff any further network traffic
  • ...
<<

!TSS3cur3

Newbie
Newbie

Posts: 3

Joined: Wed Jun 13, 2012 12:44 am

Post Wed Jun 13, 2012 8:43 am

Re: Privilege Escalation

Hi aweSEC,

I did check the OS, env, running services etc. But the problem is I'm checking all the stuff as a unprivileged user. Can't modify or change anything.

Just need someone to guide me a bit in the whole escalation process. What would one typically do if one has got an unprivileged shell.

Regards
<<

ziggy_567

User avatar

Sr. Member
Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Wed Jun 13, 2012 9:14 am

Re: Privilege Escalation

I think what aweSEC might be trying to tell you is that its more common to find a misconfiguration that leads to privilege escalation than a local privilege escalation exploit from a site like exploit-db.com.
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

!TSS3cur3

Newbie
Newbie

Posts: 3

Joined: Wed Jun 13, 2012 12:44 am

Post Thu Jun 14, 2012 12:12 am

Re: Privilege Escalation

Hi Ziggy_567,

Jip, I understand 100% now. Thanks for the prompt responses.

Kind Regards

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software