ksecurity
Posted September 29, 2013

Howdy Hak5 folks. Well, I'm expecting some "try harders" and other such encouragement :). I'm at the very tail end of the CPT exam. If anyone is unsure of it, the first part is multi-choice (aced it!), the second is compromising two VMs. Got the first in minutes, happy to say. The second one... here is where I'm losing my hair very quickly. The objective is the root password on both VMs. This second one is where I seem to be hitting a dead end, and this is the first reaching-out-for-help attempt.

Basically, from what I can gather, this particular VM needs to be compromised via a local exploit, be it privy escalation, shellcode, yadda yadda. I have tried (I think) most methods that I can figure out (at my level at least) and am just getting killed with each attempt. Not looking for someone to spell it out for me; after all, I've been at this VM for 2 weeks now before asking for some guidance. So I'm happy to start a dialogue with anyone interested in helping. I'll spill some of the VM details here, and if someone is kind enough to brainstorm with me, it would be much appreciated. Cheers

VM Info:

- Red Hat Linux 9 (Shrike)
- Kernel 2.4.20-8 i686 athlon i386 (bear in mind this is on a VMware Workstation, host is an AMD chip, FYI)
- gcc 3.2.2
- 2 non-root accounts have been acquired, no sudo privileges; long story short, these accounts can't do squat
- The accounts allow direct (local) access on the VM, or via ssh etc. from the attack VM
- Tried out about 12 known exploits (mainly exploit-db et al.) for the OS version and kernel
- The discovered services have some minor-to-medium level vulnerabilities, but none, from what I can tell, help in getting to the root/shadow file.
- FYI, for the exploits tried (I'm a sooper noob with shellcode, but learning fast and taking ANOTHER course, fml): some backfired entirely, some compiled but failed to run, some compiled and ran but seg-faulted, etc. etc., so they may work and I'm just inexperienced at compiling or altering them appropriately
- I've done some local enumeration of possible config, suid, etc. etc. flaws but can't really determine an approach

Think that about does it for a "where I'm at". Like I said, I actually don't really want the "Here's how..." but some discussion or tips would really be appreciated. Just kinda fried and probably overthinking, but having trouble getting focused and feel kinda burnt as far as ideas go.