Collaborate Disseminate
According to wikipedia, Linux’s security compared to Windows is generally due to "the malware’s lack of root access."
Why doesn’t Windows just fix this?
Continue reading What prevents Windows from being as secure as Linux?
Unquoted service paths might be used as a privilege escalation vector after an attacker gains access to a Windows host.
Given Hector’s answer in the following question:
"Windows Unquoted Search" Fix?
I understand some software ma… Continue reading Is there any way to disable/not allow unquoted service paths in Windows?
We are trying to convince folks in our company to grant developers full privileges to all services in "dev" account (current policy does not allow developers to create anything in our AWS account, because "security").
… Continue reading Can I escalate my privileges if I have read-write access to IAM service in AWS?
We have some systems where users are using Docker in userspace to run development environments. These containers sometimes leave files and directories behind that cannot be deleted directly by the users because they were created by other u… Continue reading Security implications of providing lxc-utils to regular users
It’s a privilege escalation vulnerability:
Linux users on Tuesday got a major dose of bad news — a 12-year-old vulnerability in a system tool called Polkit gives attackers unfettered root privileges on machines running most major distributions of the open source operating system.
Previously called PolicyKit, Polkit manages system-wide privileges in Unix-like OSes. It provides a mechanism for nonprivileged processes to safely interact with privileged processes. It also allows users to execute commands with high privileges by using a component called pkexec, followed by the command…
Continue reading Twelve-Year-Old Linux Vulnerability Discovered and Patched
I succesfully tried to exploit an old version of Apache. A shell is spawned with user www-data (id=33), but I can’t "ls" or "cat" anything in /tmp. I can ls the contentns of /bin instead, for example.
I even added a fil… Continue reading Why can’t I access /tmp after my execve(/bin/sh) exploit?
Considering that a RCE vulnerability has been recently found in the log4j library, a library used in a lot more applications than I thought. The following question comes to my mind.
If an attacker successfully exploits log4shell, does the … Continue reading At which OS privilege level log4j usually runs?
I have a CTF machine. I can see the port 8009 and 80 open. From that I found pretty quickly the Ghostcat exploit.
I then listed the folder of the machine and I got :
then I followed this article
I created the file 48143.py and pasted the … Continue reading Ghostcat exploit, how to use it?
I understand the LD_preload trick, but in this tutorial(https://www.hackingarticles.in/linux-privilege-escalation-using-ld_preload/), they not only give the user the right to keep this environment variable, but also to run one command (fin… Continue reading Privilege escalation : Is this step really necessary?
Assume Alice has physical access to Bob’s Linux machine (but can only use the mouse/keyboard). What is the worst that can happen to Bob’s files? For example could she write in a file owned by Bob even if Bob didn’t give permission to her?
… Continue reading What is the most harm that a non-root logged-in user can do on a Linux machine? [closed]