Prevent a remote privilege escalation when the root/admin password is known

Consider the following Linux system:

root account is disabled (passwd -l root, passwd -d root),
there is an account ‘admin’, with sudo rights,
there is an account ‘webservice’, with limited privileges, and no sudo rights,
su is disabled v…

Sudo "/usr/sbin/halt", "/usr/sbin/reboot", "/usr/sbin/poweroff" – how to leverage it to privilege escalation?

A normal user can execute these commands as root without providing any password (sudo includes the full path of the command so path hijack isn’t the case here), could "halt", "reboot", or "poweroff" be leverag…

Are there advantages to using a hardware token instead of a password on a potentially compromised system?

TLDR: Is there a security benefit to regularly accessing the admin account with a hardware token rather than with a well-protected password?

Long story: I’m both a developer and the system admin of our small network. Thus, on my PC, I usu…

Possible to inject in the middle of a ROOT NOPASSWD command with a wild card?

I’m testing for privilege escalations on a Ubuntu 18.04 host, and after running sudo -l, I’ve discovered a couple of root NOPASSWD commands for a standard user (w/unknown password). These commands contain wild cards.
Example: (root) NOPAS…
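The two sudo questions above (passwordless halt/reboot/poweroff, and NOPASSWD entries that contain wild cards) both start from the same artifact, the output of sudo -l. The shell audit below is an added example, not code from either post: it extracts every NOPASSWD command from a constructed sample of sudo -l output (the user, host and commands are assumptions) and flags the entries whose arguments contain a sudoers wild card. sudoers matches arguments with fnmatch(3) as one concatenated string, so a * in the argument portion also matches spaces and extra arguments can be appended after the fixed prefix, which is exactly what the second question is probing.

```shell
#!/bin/sh
# Audit "sudo -l" output for NOPASSWD entries worth a closer look.
# Added example; not code from the linked posts.

# Constructed sample of what "sudo -l" prints for a user (assumed names).
# On a real host: sudo -l | audit_sudo_l
SAMPLE_SUDO_L='User webservice may run the following commands on host1:
    (root) NOPASSWD: /usr/sbin/halt, /usr/sbin/reboot, /usr/sbin/poweroff
    (root) NOPASSWD: /usr/bin/tar -czf /var/backups/web.tgz /var/www/*
    (ALL) /usr/bin/vim'

# Print each NOPASSWD command on its own line, runas spec "(root)" stripped.
# Entries separated by commas on one line are split into separate commands.
nopasswd_commands() {
    printf '%s\n' "$1" |
    sed -n 's/^[[:space:]]*([^)]*)[[:space:]]*NOPASSWD:[[:space:]]*//p' |
    tr ',' '\n' |
    sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
    grep -v '^$'
}

# Number of NOPASSWD commands found.
nopasswd_count() {
    nopasswd_commands "$1" | grep -c .
}

# NOPASSWD commands whose argument portion contains a sudoers wild card
# (* ? or [ ). sudoers matches these with fnmatch(3) over the whole argument
# string, so "*" matches across spaces and extra arguments can be smuggled in.
wildcard_commands() {
    nopasswd_commands "$1" | grep '[*?[]'
}

# Convenience entry point: read sudo -l output from stdin and report.
audit_sudo_l() {
    input=$(cat)
    echo "NOPASSWD commands:"
    nopasswd_commands "$input" | sed 's/^/  /'
    echo "With wild cards in arguments (inspect for argument injection):"
    wildcard_commands "$input" | sed 's/^/  /'
}
```

The first group of the sample (halt, reboot, poweroff) carries no arguments, so it never appears in the wild-card list; whether those commands alone give a path to root is the subject of the first question and is not something this script decides. The tar entry is flagged because everything after the fixed prefix is matched as a single pattern.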

How safe is it to use SMB file share on a machine running up-to-date Windows 10 LTSC through the Internet?

Running Windows 10 LTSC. Forwarded port 445 on the router to Windows SMB.
Assuming that:

My machine has no viruses in it (fresh Windows installation)
It has been updated to the latest OS release
I am using a secure, hard to brute force, p…

Critical WordPress-Plugin Bug Found in ‘Orbit Fox’ Allows Site Takeover

Two security vulnerabilities — one a privilege-escalation problem and the other a stored XSS bug — afflict a WordPress plugin with 40,000 installs.