Privilege Escalation on Linux with Live examples

One of the most important phases of a penetration test or vulnerability assessment is privilege escalation. During that step, hackers and security researchers attempt to find a way (an exploit, a bug, a misconfiguration) to move between the system's accounts. Of course, vertical privilege escalation is the ultimate goal. For many security researchers, this is a fascinating phase.

In the next lines, we will go through several real examples of privilege escalation. We will use labs that are currently hosted at Vulnhub. Of course, we are not going to review the whole exploitation procedure of each lab. Instead, we will suppose that we have already gained access to the machine and, together, we will move from an unprivileged user to root.

We will perform all the privilege escalation techniques manually. This means that no automatic tools will be used to escalate the privileges. Tools and papers will, though, be given as references at the end of the article. Before you begin reading the next lines, I suggest you have a look at my personal Privilege Escalation Bible: G0tmi1k: Basic Linux Privilege Escalation, written by the very talented g0tmi1k.

The purpose of the article is to give you an idea of how privilege escalation looks and works on real machines. We will not attempt to explain all the available techniques, as this would require several articles, and g0tmi1k and other people have already done this before, perfectly.

VulnOS 2

VulnOS version 2 is a very common boot-to-root lab available at Vulnhub. Once we manage to exploit the vulnerability and gain a shell, we will probably see something like the following:

The things that we should do first are:

  1. Check the OS Release of the vulnerable system
  2. View its Kernel Version
  3. Check the available users and the (Read more...)
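The three checks listed above, written as a small host inventory script. This is an added example, not code from the original article; the function names, the sample files and the sample kernel string are constructed for illustration. It also flags extra UID 0 accounts, which goes slightly beyond the list.

```sh
#!/bin/sh
# Added example (not from the original article). Each function takes the file
# to read, so it can be run on the constructed sample below or on a live host.

# 1. OS release: PRETTY_NAME from an os-release style file.
os_release() {
    sed -n 's/^PRETTY_NAME="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' "${1:-/etc/os-release}"
}

# 2. Kernel version, reduced to major.minor for comparison with patch levels.
kernel_major_minor() {
    printf '%s\n' "${1:-$(uname -r)}" | cut -d. -f1,2
}

# 3. Users: accounts whose shell allows a login (an empty field means /bin/sh).
login_users() {
    awk -F: '$7 !~ /(nologin|false)$/ {print $1 ":" $3}' "${1:-/etc/passwd}"
}

# Any account with UID 0 is root-equivalent; more than one deserves a look.
uid0_users() {
    awk -F: '$3 == 0 {print $1}' "${1:-/etc/passwd}"
}

# Constructed sample data (hypothetical host, not taken from VulnOS 2).
make_sample() {
    printf 'NAME="ExampleOS"\nPRETTY_NAME="ExampleOS 1.0 LTS"\n' > "$1/os-release"
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
svc:x:999:999::/home/svc:/bin/false
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:0:second uid 0:/root:/bin/sh
EOF
}

# Demo run against the constructed sample; the kernel string is also constructed.
d=$(mktemp -d) && make_sample "$d"
echo "release : $(os_release "$d/os-release")"
echo "kernel  : $(kernel_major_minor "3.13.0-24-generic")"
echo "logins  : $(login_users "$d/passwd" | tr '\n' ' ')"
echo "uid 0   : $(uid0_users "$d/passwd" | tr '\n' ' ')"
rm -rf "$d"
```

Called without arguments, each function reads the live `/etc/os-release`, `uname -r` or `/etc/passwd` instead of the sample.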

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Nikos Danopoulos. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/TsWwUk7AGSY/