| To: | "'Andrew'" <seraphele@gmail.com>, <pen-test@securityfocus.com> |
|---|---|
| Subject: | RE: Any suggests about a possible LRE (local root escalation) |
| From: | "Paul Melson" <pmelson@gmail.com> |
| Date: | Thu, 22 Feb 2007 11:26:42 -0500 |

> We are pen-testing a couple of a company webserver that hosts something like many thousand websites. We
> got a shell working through a remote file inclusion vulnerability we found. We are in but there seems to
> be no apps we could "use" to gain a root escalation from the local low-privileges shell. OS is CentOS
> 4.4 and kernel is 2.6.9-42.0.3.ELsmp. Do you have any ideas to gain a root escalation over this
> OS/kernel configuration?

An easy thing to do would be to configure Nessus local scans (they have a CentOS category I believe) with your shell configuration and have Nessus ssh into the box and check for unpatched vulns. That should take all of 10 minutes and might yield an unpatched local root.

Next step might be 'find / -type f -perm -4000' and start overflowing command line arguments until something segfaults.

There are usually lots of ways to get root from a local shell, especially if the box hasn't been hardened from its default configuration. Try and figure out what cron jobs run, what files they touch, look at /tmp, etc.

PaulM
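
The places this reply points at (setuid files, cron jobs and the files they touch) are the same ones a host's administrator can audit before a tester gets there. The shell sketch below is an added example, not part of the original message; its function names are hypothetical, and it assumes a `find` and `grep` that accept `-L`, `-xdev` and `-o`, as the GNU and BSD versions do.

```shell
#!/bin/sh
# Added example: defensive audit of setuid files and cron job targets.
# Function names are hypothetical, not from the original message.

# Setuid regular files under $1, without crossing filesystems.
list_setuid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort
}

# Setuid files that group or other may modify: whoever can write such a
# file controls code that runs with the owner's privileges.
writable_setuid() {
    find "$1" -xdev -type f -perm -4000 \
        \( -perm -0020 -o -perm -0002 \) 2>/dev/null | sort
}

# True if $1 (symlinks followed) is world-writable.
world_writable() {
    [ -n "$(find -L "$1" -prune -perm -0002 2>/dev/null)" ]
}

# True if $1 is a world-writable directory without the sticky bit,
# so any user can replace the files inside it.
open_dir() {
    [ -n "$(find -L "$1" -prune -type d -perm -0002 ! -perm -1000 2>/dev/null)" ]
}

# Regular files named by absolute path in the cron files under $1 that
# a non-root user could modify or replace. Comment lines are skipped.
writable_cron_targets() {
    find "$1" -type f -exec cat {} + 2>/dev/null |
        grep -v '^[[:space:]]*#' |
        grep -o '/[^[:space:];|&<>"]*' | sort -u |
        while read -r p; do
            [ -f "$p" ] || continue
            if world_writable "$p" || open_dir "$(dirname "$p")"; then
                printf '%s\n' "$p"
            fi
        done
}

# Usage: sh audit.sh <scan-root> <cron-dir>
if [ "$#" -ge 2 ]; then
    echo "== setuid files ==";          list_setuid "$1"
    echo "== writable setuid files =="; writable_setuid "$1"
    echo "== cron targets writable =="; writable_cron_targets "$2"
fi
```

Anything the last two sections print should be empty on a hardened host; the first list is worth comparing against the package manager's record of installed files.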