
How to escalate privileges on Fedora 15?


joey-world

Here is the deal

I was testing what would happen if someone was able to get into one of the regular user accounts through ssh on a "server" in fedora.

To make the test more realistic, I created an apache server, with php, sqlite, ssh server, ftp server, and so on.

I was able to exploit the ssh server. I am in a low privileged user and all I have is a shell.

How can I continue forward with the attack since I am a regular user? Maybe there is something I can upload to the ftp and come back with an escalated shell?

Thank you

Best regards


For the most part you can only get root from an FTP server if the FTP server is running as root. If the FTP server is not running as root, then it can't grant you root privileges.

Why don't you find all files that are owned by root and look for ways of exploiting them?

Best of luck with it. I just finished a Pen Test where part of my job was a similar task, unpriv shell and my job was to get root on RHEL. Didn't get root in the timeframe I had. Sad panda.


ps -faU root

That yields your processes running as root.

find / -user root -perm -4000 -exec ls -ldb {} \;

And that one gives you all the root-owned setuid binaries. If you don't much care about it being a different user than root (can be useful when you get a shell for 'nobody' or some such) drop the "-user root" bit.

uname -a

Gives you your kernel version and a few more bits of info that you can consider useful for determining your attack vector.

These 3 are basically the targets for you to play with. If you can't find an exploit in any of them, you're basically stuck on your current privileges. Can still be useful as a staging session towards other boxes within the network, but as it stands this is where you'll remain.

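Added example, not part of the original thread: the admin-side counterpart of the setuid `find` above, comparing what is on disk with a reviewed baseline list and flagging setuid files that group or others can write. The function names, the baseline file format (one absolute path per line) and the sample tree are assumptions made for this illustration.

```shell
#!/bin/sh
# audit_setuid ROOT BASELINE
# Prints "UNEXPECTED <path>" for setuid files missing from the baseline and
# "WRITABLE <path>" for setuid files writable by group or others.
audit_setuid() {
    local root="$1" baseline="$2" path
    # -perm -4000 matches the setuid bit, as in the thread's command;
    # -user root is left out so files owned by any account are covered.
    find "$root" -xdev -type f -perm -4000 2>/dev/null | sort |
    while IFS= read -r path; do
        # Exact, whole-line match against the reviewed baseline.
        grep -Fxq -- "$path" "$baseline" || printf 'UNEXPECTED %s\n' "$path"
        # A setuid file that non-owners can modify should never exist.
        if [ -n "$(find "$path" -prune \( -perm -020 -o -perm -002 \))" ]; then
            printf 'WRITABLE %s\n' "$path"
        fi
    done
}

# Constructed sample tree (not real system files) so the audit runs offline.
demo() {
    local d
    d=$(mktemp -d)
    mkdir -p "$d/usr/bin" "$d/opt/tool"
    : > "$d/usr/bin/passwd";  chmod 4755 "$d/usr/bin/passwd"   # in baseline
    : > "$d/opt/tool/helper"; chmod 4757 "$d/opt/tool/helper"  # not reviewed, world-writable
    : > "$d/usr/bin/ls";      chmod 0755 "$d/usr/bin/ls"       # no setuid bit
    printf '%s\n' "$d/usr/bin/passwd" > "$d/baseline.txt"
    audit_setuid "$d" "$d/baseline.txt" | sed "s|$d||"
    rm -rf "$d"
}

demo
```

On a real host, generate the baseline from a freshly installed system, review it, and run `audit_setuid / baseline.txt` as root so unreadable directories are not skipped.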
