Restarting my OSCP journey

blackzero

Newbie

Posts: 8

Joined: Mon Jan 24, 2011 6:16 am

Post Thu Sep 13, 2012 2:53 am

Restarting my OSCP journey

I registered for PWB last October. After the initial excitement, the terror of covering all the prerequisites started. So, like almost everyone else, I bought books. A lot of books. I learned Python and web app development (Udacity), I learned C and socket programming, Linux ASM, various tuts on SecurityTube, Exploit-exercise.com, etc.

Now I am back and I want my OSCP. But before I sign up for the labs again there is one "little" topic which I need to cover. Priv escalation! There are tons of resources about exploitation but I can't, for the life of me, find tutorials or books for priv esc. I would really appreciate some pointers regarding that. Hopefully that should minimize the pain in the labs this time around.

Cheers!
m0wgli

Sr. Member

Posts: 308

Joined: Fri Jul 20, 2012 3:34 pm

Post Thu Sep 13, 2012 3:01 am

Re: Restarting my OSCP journey

g0tmi1k's blog has a good cheat sheet of commands for Basic Linux Privilege Escalation:

http://g0tmi1k.blogspot.co.uk/2011/08/b ... ation.html

There was also a recent tutorial on here by Jamie.R called Basic Priv Esculation for newbi:

http://www.ethicalhacker.net/component/ ... ic,9169.0/
Last edited by m0wgli on Thu Sep 13, 2012 3:05 am, edited 1 time in total.
Security + | OSWP | eCPPT (Silver & Gold) | CSTA
shadowzero

Full Member

Posts: 120

Joined: Sat Jun 02, 2012 10:03 pm

Post Thu Sep 13, 2012 6:08 am

Re: Restarting my OSCP journey

Best way to practice privilege escalation is to do it. Get a hold of vulnerable virtual machines like Kioptrix and De-ICE and root them. The PWB labs are also a great place to practice privilege escalation. The labs are for you to learn and make mistakes, so take advantage of that.
cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Thu Sep 13, 2012 9:20 am

Re: Restarting my OSCP journey

The key to this is knowing what the different local priv exploits are for all the different kernels. After you know which ones there are, it's really just a matter of figuring out if the box you're on is the same kernel and/or has the vulnerable software installed on the box.

Start on exploit-db to get an idea. However, there are some that are not in exploit-db. A typical "<insert kernel version> exploit" Google search will do....
caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Thu Sep 13, 2012 9:42 am

Re: Restarting my OSCP journey

You may want to read this thread too (I originally made a typo in the title, "eXcalation" as opposed to "eScalation"):

http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,5966.0/

MaXe and Sil, amongst others, made long and useful comments...
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
sh4d0wmanPP

Newbie

Posts: 42

Joined: Sat Aug 11, 2012 6:42 am

Post Thu Sep 13, 2012 9:07 pm

Re: Restarting my OSCP journey

Here are some links that I bookmarked for Windows:

http://travisaltman.com/windows-privile ... rmissions/

http://pentestmonkey.net/tools/windows-privesc-check

http://www.netspi.com/blog/2009/10/05/w ... rivileges/

I did not try any of them yet as I currently focus on Linux. If you play the IO challenges on smashthestack.org then level4 is good to practise. It teaches you to abuse SETUID/SETGID programs.

Basically you search for any program running with SETUID and see if there is a vulnerability in it. Then you exploit it and you gain the elevated rights.
EXIN ISO/IEC 27002: ISF & ISMAS, ITIL Foundation, Comptia Security+, CCNA, CCNA Security, Wip: OSWP
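
The SETUID search described in the last post, seen from the administrator's side, as an added example that is not part of the thread: a Python audit that inventories setuid/setgid files and flags any that are missing from a reviewed baseline or writable by group/other. The function names, the baseline set and the sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile

SETID = stat.S_ISUID | stat.S_ISGID
LOOSE = stat.S_IWGRP | stat.S_IWOTH  # writable by someone other than the owner


def find_setid_files(root):
    """Yield (path, stat_result) for regular files under root with setuid/setgid set."""
    for dirpath, _dirs, files in os.walk(root):  # os.walk does not follow symlinks
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable: skip rather than abort the audit
            if stat.S_ISREG(st.st_mode) and st.st_mode & SETID:
                yield path, st


def audit(root, baseline):
    """Return sorted (path, mode string, reasons) for files that need review."""
    findings = []
    for path, st in find_setid_files(root):
        reasons = []
        if path not in baseline:
            reasons.append("not in baseline")
        if st.st_mode & LOOSE:
            reasons.append("writable by group/other")
        if reasons:
            findings.append((path, stat.filemode(st.st_mode), reasons))
    return sorted(findings)


def make_file(root, name, mode):
    """Create an empty file with the given mode (constructed sample data)."""
    path = os.path.join(root, name)
    open(path, "w").close()
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # constructed tree, not a real system
        known = make_file(root, "known", 0o4755)
        loose = make_file(root, "loose", 0o4775)
        make_file(root, "extra", 0o4755)
        make_file(root, "plain", 0o755)
        for path, mode, reasons in audit(root, baseline={known, loose}):
            print(mode, path, "; ".join(reasons))
```

On a real host the baseline would be the list of setuid/setgid files reviewed at build time, so anything the audit reports is either new since then or has permissions that let a non-owner replace a privileged binary.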