Post exploit privilege escalation

Something I’ve been looking into recently is privilege escalation.

You crack your way into a box (for example through the FTP service) and manage to hijack control of the thread. The problem is, you only have the permissions granted to the application. If it couldn’t edit system files, neither can you yet. This didn’t use to be a problem on old Windows configurations because often everything was run with administrative privileges. These days, after compromising a box you may need to escalate privileges in order to achieve anything useful.

Here are two posts I found helpful on the topic:
Windows
http://www.netspi.com/blog/2009/10/05/windows-privilege-escalation-part-1-local-administrator-privileges/

Linux
http://insidetrust.blogspot.com/2011/04/quick-guide-to-linux-privilege.html

Another option is to find, configure and use ready-made exploits at exploit-db.com or securityfocus.com. Or you may get lucky and find that Metasploit has options available for you.

From a Meterpreter console you can use the command ‘getsystem’ to attempt to automatically escalate privileges. Or, once you have a session, type ‘search post’ to see all the modules you can use on that session; some of them are escalation modules. You simply ‘use’ that module, set the session variable to the session you want to escalate, type ‘exploit’, and wait to see if system or root is delivered straight to your door.


Kind Regards,
Nick Cooper
