privilege escalation – Page 17

How to prepare privilege escalation from buffer overflow on Linux? [on hold]

Posted on August 13, 2019 by test_qweqwe

I compiled a vulnerable application on my Kali Linux 2019.2, gave to application permissions (-r-sr-x—).

Then I used my payload with non-root user and got shell, but whoami shows that I’m not root, I’m still the same user…. Continue reading How to prepare privilege escalation from buffer overflow on Linux? [on hold]→

Gamers Beware: Zero-Day in Steam Client Affects All Windows Users

Posted on August 12, 2019 by Tara Seals

An elevation-of-privilege bug allows attackers to run any program on a target machine with high privileges. Continue reading Gamers Beware: Zero-Day in Steam Client Affects All Windows Users→

Over 40 Drivers Could Let Hackers Install Persistent Backdoor On Windows PCs

Posted on August 11, 2019 by Swati Khandelwal

If you own a device, or a hardware component, manufactured by ASUS, Toshiba, Intel, NVIDIA, Huawei, or other 15 other vendors listed below, you’re probably screwed.

A team of security researchers has discovered high-risk security vulnerabilities in mo… Continue reading Over 40 Drivers Could Let Hackers Install Persistent Backdoor On Windows PCs→

DEF CON 2019: New Class of SQLite Exploits Open Door to iPhone Hack

Posted on August 10, 2019 by Tom Spring

Researchers exploit a SQLite memory corruption issue outside of a browser. Continue reading DEF CON 2019: New Class of SQLite Exploits Open Door to iPhone Hack→

Exploiting cron job running as root

Posted on August 8, 2019 by Awaaaaarghhh

There is a cron job running as root on a web server every 15 minutes:

php cli-script.php

(cli stands for “Command Line Interface”, so is only accessible from command-line)

It is not possible to directly modify the PHP scri… Continue reading Exploiting cron job running as root→

NVIDIA patches high-severity bugs in Windows GPUs and SHIELD

Posted on August 6, 2019 by Danny Bradbury

NVIDIA has patched five bugs in its Windows GPU display driver, three of which could allow an attacker to execute code on the system. Continue reading NVIDIA patches high-severity bugs in Windows GPUs and SHIELD→

GitHub ‘encourages’ hacking, says lawsuit following Capital One breach

Posted on August 6, 2019 by Lisa Vaas

The class action charges Capital One and GitHub, charging it with being “friendly” (at least) toward hacking and for the hackers’ posts. Continue reading GitHub ‘encourages’ hacking, says lawsuit following Capital One breach→

Privilege Escalation TTY error while using sudo /usr/bin/vi command

Posted on July 18, 2019 by Blacklion

I am currently trying to escalate my privileges on an Ubuntu box. When I enumerated the server and run “sudo -l” command, I found out /usr/bin/vi set to (root) NOPASSWD.

(root) NOPASSWD: /usr/bin/vi /var/www/html/*

Then I … Continue reading Privilege Escalation TTY error while using sudo /usr/bin/vi command→

Why doesn’t my systemctl command work?

Posted on June 25, 2019 by WR7500

I’m working on a pentest VM, and have elevated my user privileges to that of a common user. I can see from my enumeration scans that systemctl has a SUID bit set, and has the ownership group listed as my current users group.
… Continue reading Why doesn’t my systemctl command work?→

Hacker Discloses Second Zero-Day to Bypass Patch for Windows EoP Flaw

Posted on June 7, 2019 by Wang Wei

An anonymous security researcher going by the name of SandboxEscaper today publicly shared a second zero-day exploit that can be used to bypass a recently patched elevation of privilege vulnerability in the Microsoft Windows operating system.

SandboxE… Continue reading Hacker Discloses Second Zero-Day to Bypass Patch for Windows EoP Flaw→