
LINUX PRIVILEGE ESCALATIONS BY SAWAN BHAN




WHAT IS PRIVILEGE ESCALATION?
Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an OS or application to gain elevated access to resources that are normally protected from an application or user. The result could lead to unauthorized actions.
OBJECTIVE
In this blog, we will discuss in detail which security issues can lead to a successful privilege escalation attack on Linux-based systems.
Linux Permission Model

Linux has inherited from UNIX the concept of ownership and permissions of files. File permissions are used to protect systems against malicious tampering.

1.      In the above two screenshots, we can see that the file ‘p.txt’ grants read & write access only to its owner, ‘root’.
2.      We can see the permission denied error when I tried to read the file as “sawan”.
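The check behind that "permission denied" can be modelled in a few lines. This is an added example, not part of the original post; it covers only the classic owner/group/other mode bits (no ACLs, SELinux or AppArmor), and the uid/gid 1000 used for ‘sawan’ is an assumed value.

```python
import stat

READ, WRITE, EXECUTE = 4, 2, 1

def may_access(mode, file_uid, file_gid, uid, gids, want):
    """Return True if the classic UNIX mode-bit check grants `want`."""
    perms = stat.S_IMODE(mode)
    if uid == 0:
        # root bypasses read/write checks; execute still needs at least
        # one execute bit set on the file.
        return not (want & EXECUTE) or bool(perms & 0o111)
    # Exactly one class applies, chosen in this order: owner, group, other.
    if uid == file_uid:
        granted = (perms >> 6) & 7
    elif file_gid in gids:
        granted = (perms >> 3) & 7
    else:
        granted = perms & 7
    return (granted & want) == want

def explain(name, mode, file_uid, file_gid, uid, gids, want):
    ok = may_access(mode, file_uid, file_gid, uid, gids, want)
    verdict = "allowed" if ok else "permission denied"
    return f"{stat.filemode(mode)} {name}: uid {uid} -> {verdict}"

# Constructed sample matching the post: p.txt is owned by root with mode 0600.
P_TXT = dict(mode=0o100600, file_uid=0, file_gid=0)
SAWAN = dict(uid=1000, gids={1000})   # assumed ids for the unprivileged user
ROOT = dict(uid=0, gids={0})

if __name__ == "__main__":
    print(explain("p.txt", **P_TXT, **SAWAN, want=READ))
    print(explain("p.txt", **P_TXT, **ROOT, want=READ | WRITE))
    # Classes are exclusive: an owner with no bits set is denied even though
    # "other" may read (constructed file, mode 0044, owned by uid 1000).
    print(explain("odd.txt", 0o100044, 1000, 1000, **SAWAN, want=READ))
```

Because uid 0 skips the read/write check entirely, reaching root makes every mode-bit restriction on the system irrelevant, which is why these bits alone do not contain a user who can escalate.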
Security Professionals usually perform Privilege Escalations to either Read/Write any sensitive file or to insert a permanent backdoor.
                         “Privilege Escalations are POST EXPLOITS”
TECHNIQUES USED FOR PRIVILEGE ESCALATION
·         KERNEL EXPLOITS
·         EXPLOITING SERVICES WHICH ARE RUNNING AS ROOT
·         EXPLOITING SUID EXECUTABLES
·         EXPLOITING SUDO RIGHTS/USER
·         EXPLOITING BADLY CONFIGURED CRON JOBS
·         EXPLOITING USERS WITH ‘.’ IN THEIR PATH
In this blog, we are only going to cover kernel exploits. I will unpack the other techniques in upcoming blogs.

KERNEL EXPLOITS
Assumption: We have a shell on the remote system but we don’t have ‘root’ privileges.
 Let’s go get ‘root’ access on the system.
Exploiting a vulnerable machine using DIRTYCOW
Vulnerable operating system used for this demo: https://old-linux.com/
STEPS:
·         whoami (shows the current user)

·         uname -a (shows the kernel version)




·         Download link for Dirty COW: https://www.exploit-db.com/exploits/40839/



·         Compile and Execute the EXPLOIT

·         #ROOT PERMISSION GRANTED

Countermeasures
·         The kernel should be patched and updated. 

Sawan Bhan
 CONTACT cyber wizard
