Re: Any suggests about a possible LRE (local root escalation)

To:	Andrew <seraphele@gmail.com>, <pen-test@securityfocus.com>
Subject:	Re: Any suggests about a possible LRE (local root escalation)
From:	Florian Rommel <frommel@gmail.com>
Date:	Thu, 22 Feb 2007 14:27:14 +0200
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	pentest-list2@consult.net
Delivered-to:	mailing list pen-test@securityfocus.com
Delivered-to:	moderator for pen-test@securityfocus.com
Dkim-signature:	a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:user-agent:date:subject:from:to:message-id:thread-topic:thread-index:in-reply-to:mime-version:content-type:content-transfer-encoding; b=hevC+Hpe/4cQEa4elFJqMI3fNFGqNF+tlRwTWD5ZExA/LC/PdcA03py2Fcp6y4rIxOtbHQUEHipoa7XuVgHorc7Yc/G6RXa9SKHGgYxUaREtyAd5W4VYe1ovnM1siRXDxnzLD3L6GStjkIxY3HeCEaJSgzmqOTnXrcn/voEbq0A=
Domainkey-signature:	a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:user-agent:date:subject:from:to:message-id:thread-topic:thread-index:in-reply-to:mime-version:content-type:content-transfer-encoding; b=VWLXKk6ifv4n5oRdEmUS24YPKTKqnUMPPWmdqqlDv9sn0nrEVpO0L6Yp5xBqYjsSANiIj3HNZYewtgUiZ/mOp6/+Kdjx71n9c40pBgG7Qv95HKJpDj0jhnre1dp72UImjMXzjKVaFSfOpLuEDKqmU0vHpnAPaFzxWBkN12/YoJk=
In-reply-to:	<372efbf60702201706y609b8c75jc12d62e12de50850@mail.gmail.com>
List-help:	<mailto:pen-test-help@securityfocus.com>
List-id:	<pen-test.list-id.securityfocus.com>
List-post:	<mailto:pen-test@securityfocus.com>
List-subscribe:	<mailto:pen-test-subscribe@securityfocus.com>
List-unsubscribe:	<mailto:pen-test-unsubscribe@securityfocus.com>
Mailing-list:	contact pen-test-help@securityfocus.com; run by ezmlm
Resent-date:	Fri, 23 Feb 2007 19:31:00 -0700 (MST)
Resent-from:	pen-test-return-1078483609@securityfocus.com
Resent-message-id:	<20070224023100.D8FDE149791@outgoing2.securityfocus.com>
Resent-sender:	listbounce@securityfocus.com
Sender:	listbounce@securityfocus.com
Thread-index:	AcdWfMhQBx07P8JwEduIQgAWy5zC2g==
Thread-topic:	Any suggests about a possible LRE (local root escalation)
User-agent:	Microsoft-Entourage/11.3.3.061214

Uploading a setuid binary in your own dir wont work? Something like the sh
binary with setuid root? Upload it and run it from the shell.. I have tried
this on a RHEL 4 machine and it worked actually but could have been a fluke.

//Florian
http://blog.2blocksaway.com


On 2/21/07 3:06 AM, "Andrew" <seraphele@gmail.com> wrote:

> Hi list,
> 
> We are pen-testing a couple of a company webserver that hosts
> something like many thousand websites. We got a shell working through
> a remote file inclusion vulnerability we found. We are in but there
> seems to be no apps we could "use" to gain a root escalation from the
> local low-priviledges shell. OS is centOS 4.4 and kernel is
> 2.6.9-42.0.3.ELsmp. Do you have any ideas to gain a root escalation
> over this OS/kernel configuration?
> Any help will be apprecied.
> 
> Thanks in advance
> 
> 
> Andrew B.
> Junior Analyst
> NWI co.
> 
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
> 
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> 
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016000000
> 08bOW
> ------------------------------------------------------------------------
> 



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
Any suggests about a possible LRE (local root escalation), Andrew RE: Any suggests about a possible LRE (local root escalation), Paul Melson Re: Any suggests about a possible LRE (local root escalation), Florian Rommel <= Re: Any suggests about a possible LRE (local root escalation), Krugger

Previous by Date:	BEA Weblogic pentest, Dieter
Next by Date:	Re: Speaking of nmap, Paul Asadoorian
Previous by Thread:	RE: Any suggests about a possible LRE (local root escalation), Paul Melson
Next by Thread:	Re: Any suggests about a possible LRE (local root escalation), Krugger
Indexes:	[Date] [Thread] [Top] [All Lists]