Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Any suggests about a possible LRE (local root escalation)

From: Florian Rommel <frommel () gmail com>
Date: Thu, 22 Feb 2007 14:27:14 +0200
Uploading a setuid binary in your own dir wont work? Something like the sh
binary with setuid root? Upload it and run it from the shell.. I have tried
this on a RHEL 4 machine and it worked actually but could have been a fluke.

//Florian
http://blog.2blocksaway.com


On 2/21/07 3:06 AM, "Andrew" <seraphele () gmail com> wrote:


Hi list,

We are pen-testing a couple of a company webserver that hosts
something like many thousand websites. We got a shell working through
a remote file inclusion vulnerability we found. We are in but there
seems to be no apps we could "use" to gain a root escalation from the
local low-priviledges shell. OS is centOS 4.4 and kernel is
2.6.9-42.0.3.ELsmp. Do you have any ideas to gain a root escalation
over this OS/kernel configuration?
Any help will be apprecied.

Thanks in advance


Andrew B.
Junior Analyst
NWI co.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016000000
08bOW
------------------------------------------------------------------------





------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: