• XSS.stack #1 – первый литературный журнал от юзеров форума

эскалация привилегий в Linux

Отслеживать
SakaiHaki

SakaiHaki

CD-диск
Пользователь
Регистрация
21.09.2024
Сообщения
19
Реакции
1
Я ищу способ повышения привилегий для версии Linux 5.10.0-33 | Debian 11

Я уже нашел CVEs, но безрезультатно.

кто может поделиться, буду благодарен. похоже, что CVE-2021-32606 работает
 
SakaiHaki сказал(а):
Я уже нашел CVEs, но безрезультатно.

To be honest, I think the best way to escalate privileges and do a good internal check on the machine you're on, and use the shell to search for passwords and things like that. Maybe one of those passwords is the root password or something like that.

Is this a real machine?
 
It's a bit complicated to find passwords on an internal Linux network with 30 machines and with access to only 1 of those machines full of restrictions. Although, it has more than 500TB... I could have tried a lot of things, but if it weren't for this huge storage size and the restrictions also caused by my webshell cmd... I would have already found it xD
 
SakaiHaki сказал(а):
It's a bit complicated to find passwords on an internal Linux network with 30 machines and with access to only 1 of those machines full of restrictions. Although, it has more than 500TB... I could have tried a lot of things, but if it weren't for this huge storage size and the restrictions also caused by my webshell cmd... I would have already found it xD
in this case, use ligolo-ng, check the internal services with nmap. try to collect users on the internet, test them. there are endless possibilities.
 
The biggest problem is that it does not accept any external traffic (192.168..), the user is www-data and does not have permission to download a file via uploader.sh... especially to install git, wget, etc. I'm in a dead end, it's complicated. The only solution would be to escalate privileges to root and manage to install the packages. But thanks for your help!
 
admin


Напишите ответ...
  • Вставить:
Прикрепить файлы
Верх