Samurai Skills Update #3

I’m in the final stages of studying for a certification test, so I haven’t had a chance to watch many of the attack-secure videos yet, but on the advice of the course creator I did make time to go watch the section on exploiting Unix systems to look for tips to get into my problem box, and I ended up finding exactly what I needed to get root on that system.

Also, Mohamed, THANK YOU for putting “prepare to be frustrated” on the slide talking about trying to get privilege escalation running on a Linux box. I’m glad to know I’m not the only one who’s spent hours trying to acquire root only to end the day unsuccessful.

While I’ve been unable (so far) to escalate my privileges locally on the box from shell, I was able to use another exploit to remotely provide me a root shell. The answer was to take a more holistic approach to examining vulnerabilities.

A Nessus scan report of the box in question revealed a Samba weakness on port 445. The report was also kind enough to tell me which Metasploit exploit to use on the server. I tried that exploit multiple times and was greeted with a message notifying me that the system I was trying to hack into wasn’t susceptible to that exploit. After that I chalked up that exploit as “not working” and moved on to the next listed vulnerability. BIG mistake.

Now that I’ve told you what I did (aka, the wrong way), I’ll tell you what I should have done.

I was right to run Nessus. I was right to try the exploit that it recommended. I was wrong to move on after that didn’t work. What I should have done was remind myself that the box DID have a Samba service running on that port, and realize that it was probably worth my time to type “search samba” into Metasploit and look for other Samba exploits to try. There was a multi-platform exploit listed as excellent that dropped me straight into a root shell first try.

A small part of me felt like a chump for not thinking of that on my own; a bigger part of me was happy that I’m learning. After spending all of those hours earlier, that is a lesson I won’t soon forget.

So far I’m very happy with the course content, the support and the practice network. They’re providing a great value for the price.

