Linux Privilege Escalation - SUID, SGID and Sticky Bits Exploitation [HINDI] | Part_05 | PentestHint

#Linux #PrivilegeEscalation #suid
In this video, you will find an overview and examples of the most famous and, importantly, working utilities for escalating privileges on Linux. I will tell you how to manipulate the system and become root.
We will also talk about protection and look at the best utilities for checking the system and protecting it from post-exploitation techniques, which is useful both for defending Linux and for pentesting.
Privilege escalation in Linux
Privilege escalation is the exploitation of vulnerabilities in the operating system or application software to gain access to resources that are normally protected from a given user. As a result, the hacker has more privileges than the developer or system administrator intended and can perform unauthorized actions on the target system.
In penetration testing and vulnerability assessment, privilege escalation is a very important step. At this stage, hackers and security researchers often use exploits, bugs, and misconfigurations to escalate privileges.
After obtaining a SHELL with low privileges, we typically do the following:
1. Determine the release version of the operating system.
2. Check the kernel version.
3. Determine the permissions of the current user.
4. List SUID files.
5. View installed packages, programs, and running services; outdated versions may have vulnerabilities.
Every time we escalate privileges, we test again and again. We look for all possible methods of privilege escalation and apply them in turn until we succeed. We will brute-force test various kernel exploits and account numbers. In this example, we know that the operating system is Ubuntu 14.04.4 LTS and the kernel version is 3.13.0-24-generic. First we try to use overlayfs. This exploit will work up to Linux kernel 3.19 on Ubuntu 12.04/14.04/14.10/15.04. Our kernel is 3.13.0, so let's test it.
We first change to the /tmp directory, then we create a new file and paste the exploit code into it.
What is SUID?
The change-owner bit, or SUID (Set User ID), is a Linux file system permission that lets an executable file run with the privileges of its owner rather than those of the user who starts it.
It is needed because many actions in Linux (for example, opening a "raw" network socket) require superuser rights. The familiar ping command uses network sockets and therefore must be run as root.
How can a normal user be allowed to use the ping command? You could grant the user sudo rights for the necessary commands. But imagine that a hypothetical Linux machine has 100 users and about 20 privileged commands.
How would you then manage sudo permissions for all this "wealth"? Not the most elegant solution, is it? The change-owner bit, on the other hand, simplifies the process a lot. The change ownership bit will tell the system
So, you and I understand what SUID is, but hackers understand it too. In most cases, privilege escalation through a SUID executable is possible if:
the executable allows you to interact with the file system;
the executable somehow has the ability to exit to the command line.
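For the defensive side of step 4 ("List SUID files") and the conditions above, here is an added example, not taken from the video: a Python audit that walks a directory tree, reports every SUID/SGID regular file, and flags those missing from an expected baseline or writable by group/other. The `BASELINE` paths and the `audit_setid` function name are assumptions made for illustration.

```python
import os
import stat

# Assumed baseline of expected set-ID binaries; build the real one from a
# trusted, freshly installed image of the same distribution.
BASELINE = {"/usr/bin/passwd", "/usr/bin/su", "/usr/bin/sudo"}


def _dev(path):
    """Device ID of path, or None if it cannot be stat'ed."""
    try:
        return os.lstat(path).st_dev
    except OSError:
        return None


def audit_setid(root="/", baseline=BASELINE):
    """Return one finding per SUID/SGID regular file under root."""
    findings = []
    root_dev = _dev(root)
    for dirpath, dirnames, filenames in os.walk(root):
        # Stay on one filesystem, as `find -xdev` does (skips /proc, NFS, ...).
        dirnames[:] = [d for d in dirnames
                       if _dev(os.path.join(dirpath, d)) == root_dev]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            bits = [label for label, mask in (("SUID", stat.S_ISUID),
                                              ("SGID", stat.S_ISGID))
                    if st.st_mode & mask]
            if not bits:
                continue
            reasons = []
            if path not in baseline:
                reasons.append("not in baseline")
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                # Set-ID files should be writable only by their owner.
                reasons.append("writable by group/other")
            findings.append({"path": path, "owner_uid": st.st_uid,
                             "bits": bits, "reasons": reasons})
    return sorted(findings, key=lambda f: f["path"])


if __name__ == "__main__":
    for f in audit_setid("/"):
        if f["reasons"]:
            print(f["path"], f["owner_uid"], f["bits"], f["reasons"])
```

Run it periodically and review any finding with a non-empty `reasons` list; a set-ID file that appears outside the baseline is either an unreviewed package or a change that needs an explanation.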
Privilege escalation through insecure configuration
First of all, let's deal with insecure configuration. To begin with, IT professionals often use manuals and resources like Stack Overflow, many of which contain insecure commands and configs.
A striking example is the news that the code most copied from Stack Overflow contained an error. An experienced admin will spot the mistake, but that is in an ideal world. Even competent professionals under an increased workload are capable of making mistakes.
Imagine that the administrator is preparing and approving documentation for the next tender, at the same time delving into the new technology that will be introduced in the next quarter, while periodically solving user support tasks.
And then he is given the task of quickly spinning up a couple of virtual machines and rolling out services on them. What do you think is the probability that the admin simply does not notice the mistake? Then the specialists change, but the workarounds remain, while companies always strive to minimize costs, including those for IT specialists.
/Social Media\____
Instagram: / chandan.ghodela
Twitter: / chandanghodela
LinkedIn: / chandan-singh-ghodela
/References\_______________________
linPEAS :- github.com/carlospolop/PEASS-...
TryHackMe :- tryhackme.com/room/linprivesc

Comments: 2

  • @lojenskumar6113 (5 months ago)

    Great video sir ... thanks a lot sir💗

  • @PentestHint (5 months ago)

    Thanks 🥰