
LINUX PRIVILEGE ESCALATIONS BY SAWAN BHAN




WHAT IS PRIVILEGE ESCALATION?
Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or application to gain higher access to resources that are normally protected from that application or user. The result is the ability to perform actions that should have been denied.
OBJECTIVE
In this blog, we will talk in detail about which security issues can lead to a successful privilege escalation attack on a Linux based system.
Linux Permission Model

Linux has inherited from UNIX the concept of file ownership and permissions. File permissions are used to protect the system against malicious tampering.

1. In the two screenshots above, the file 'p.txt' has read and write access only for its owner, 'root'.
2. When the same file is read as the user "sawan", the attempt fails with a permission denied error.
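As an added illustration (not code from the original post), the following Python models the access decision the kernel made in the two screenshots: it converts an `ls -l` mode string into mode bits, applies the owner/group/other check the way the kernel does, and reproduces the p.txt case, where only root can read the file. The uid 1000 used to stand in for "sawan" is an assumption; the temporary file in `self_check` is created by the script itself.

```python
import os
import stat
import tempfile

ROOT_UID = 0  # root (CAP_DAC_OVERRIDE) bypasses read/write permission checks


def parse_mode_string(s):
    """Convert an `ls -l` permission string such as '-rw-------' (the p.txt
    case from the screenshots) into numeric mode bits, including the
    setuid/setgid (s/S) and sticky (t/T) markers that occupy the x slots."""
    if len(s) != 10:
        raise ValueError("expected a 10-character ls -l mode string")
    bits = 0
    for i, ch in enumerate(s[1:]):  # skip the file-type column
        shift = 8 - i               # owner r is bit 8 (0o400), other x is bit 0
        if ch in "rwx":
            bits |= 1 << shift
        elif ch in "sS":            # setuid (owner x slot) or setgid (group x slot)
            bits |= stat.S_ISUID if i == 2 else stat.S_ISGID
            if ch == "s":
                bits |= 1 << shift  # lowercase means the x bit is set as well
        elif ch in "tT":            # sticky bit in the other x slot
            bits |= stat.S_ISVTX
            if ch == "t":
                bits |= 1 << shift
        elif ch != "-":
            raise ValueError(f"unexpected character {ch!r} in mode string")
    return bits


def can_access(mode, owner_uid, owner_gid, uid, gids, want):
    """UNIX discretionary access check. Exactly one permission class applies:
    owner if uid matches, else group if the file's group is one of the user's
    groups, else other. Returns True when `want` ('r', 'w' or 'x') is allowed.
    root gets read/write unconditionally and execute if any x bit is set."""
    bit = {"r": 4, "w": 2, "x": 1}[want]
    if uid == ROOT_UID:
        return True if want != "x" else bool(mode & 0o111)
    if uid == owner_uid:
        cls = (mode >> 6) & 0o7
    elif owner_gid in gids:
        cls = (mode >> 3) & 0o7
    else:
        cls = mode & 0o7
    return bool(cls & bit)


def p_txt_scenario():
    """The blog's example: p.txt is mode 0600 and owned by root. Returns
    (root_can_read, sawan_can_read); sawan is modelled as uid 1000, a
    constructed value that is not taken from the post."""
    mode = parse_mode_string("-rw-------")
    return (can_access(mode, 0, 0, 0, {0}, "r"),
            can_access(mode, 0, 0, 1000, {1000}, "r"))


def can_current_user(path, want):
    """Apply the same check to a real file using the caller's uid and groups."""
    st = os.stat(path)
    gids = set(os.getgroups()) | {os.getgid()}
    return can_access(st.st_mode, st.st_uid, st.st_gid, os.getuid(), gids, want)


def self_check():
    """Create a temporary 0600 file we own and compare our decision with the
    kernel's answer from os.access. Returns ((ours_r, kernel_r), (ours_w, kernel_w))."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, 0o600)
        return ((can_current_user(path, "r"), os.access(path, os.R_OK)),
                (can_current_user(path, "w"), os.access(path, os.W_OK)))
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print("p.txt readable by root / sawan:", p_txt_scenario())
    print("self check (ours, kernel):", self_check())
```

One point the model makes explicit: only one class is ever consulted, so a file with mode 0007 is unreadable by its own owner even though "other" users can read it. That is why a setuid root binary or a root-owned file is only as safe as its owner and group bits, not the most permissive of the three.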
Security professionals usually perform privilege escalation during a test either to read or write a sensitive file or to insert a permanent backdoor, because that is what a real attacker would do with the same access.
"Privilege escalations are post-exploitation steps."
TECHNIQUES USED FOR PRIVILEGE ESCALATION
· Kernel exploits
· Exploiting services which are running as root
· Exploiting SUID executables
· Exploiting sudo rights/users
· Exploiting badly configured cron jobs
· Exploiting users with '.' in their PATH
In this blog, we are only going to cover kernel exploits. The other techniques will be covered in upcoming blogs.

KERNEL EXPLOITS
Assumption: we have a shell on the remote system but we don't have 'root' privileges. Let's go get 'root' access on the system.
Exploiting a vulnerable machine using DIRTYCOW
Vulnerable operating system used for this demo: https://old-linux.com/
STEPS:
· whoami: shows the current user
· uname -a: shows the kernel version
· Download link for Dirty COW: https://www.exploit-db.com/exploits/40839/
· Compile and execute the exploit
· #ROOT PERMISSION GRANTED

Countermeasures
·         The kernel should be patched and updated. 
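The countermeasure above only works if the running kernel is actually at a fixed release: a new kernel package can be installed without a reboot, leaving the old vulnerable kernel in memory. As an added example (not code from the original post), this Python parses the `uname -r` release string shown in the steps above and compares it with the minimum patched release from your distribution's security advisory for Dirty COW. The `MINIMUM_PATCHED_RELEASE` value is a constructed placeholder, not a real advisory number; replace it with the release your distribution names.

```python
import platform
import re

# Assumption (not from the original post): the minimum release carrying the
# Dirty COW fix must be taken from your distribution's security advisory.
# The value below is a constructed placeholder, not a real advisory number.
MINIMUM_PATCHED_RELEASE = "9.9.9-999"

# major.minor[.patch][-distro_abi]; trailing text such as '-generic' is ignored
_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(\d+))?")


def parse_kernel_release(release):
    """Turn a `uname -r` string such as '4.4.0-45-generic' into a comparable
    tuple (major, minor, patch, distro_abi). Missing fields count as 0, so
    '4.4' sorts below '4.4.1'. Raises ValueError for strings that do not
    start with a version number."""
    m = _RELEASE_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def is_patched(release, minimum=MINIMUM_PATCHED_RELEASE):
    """True when `release` is at or above `minimum` (tuple comparison)."""
    return parse_kernel_release(release) >= parse_kernel_release(minimum)


def audit_kernel(release=None, minimum=MINIMUM_PATCHED_RELEASE):
    """Build a small report for the running kernel (or a supplied release
    string). Uses platform.release(), which is what `uname -r` prints."""
    release = release if release is not None else platform.release()
    patched = is_patched(release, minimum)
    return {
        "release": release,
        "minimum": minimum,
        "patched": patched,
        "finding": ("ok" if patched else
                    "running kernel is older than the patched release: "
                    "update the kernel package and reboot"),
    }


if __name__ == "__main__":
    print(audit_kernel())
```

Compare the full distribution release (including the `-45` style ABI number), not just the upstream `major.minor`, because Debian, Ubuntu and Red Hat backport fixes into older upstream versions and the advisory names the distribution's own release. Run the check after the reboot, since `uname -r` reports the kernel that is in memory, not the newest one installed on disk.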

Sawan Bhan
