Description: Overview
Our target system is Kioptrix 2.
Kioptrix is a "Vulnerable-By-Design OS" which serves as a Pentest lab for security enthusiasts to legally try out their skills with the aim to completely compromise the machine.
The video describes a step-by-step way of going about this.
Steps
* Discover network for hosts (Netdiscover
* Scan target network (Nmap)
* Bypass login screen (MySQL Injection)
* Set NetCat to listen on attack machine
* Inject bash reverse shell.
* Navigate to directory where apache user can write files (cd /tmp)
* Search for Local privilege escalation exploit for linux kernel version 2.6
* Download exploit code and host it on attack machine
* Use reverse shell to wget exploit code to Victim's machine
* Compile exploit code and Execute.
* Game Over
http://rotimiakinyele.com/posts/rooting-a-box-local-command-execution.jsp
- Rotimi Akinyele (Infosec Shinobi)
Tags: linux hacking , rooting a box , local command execution , sql injection , rotimi akinyele ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.