After a break of several months, I have finally pushed myself to start writing informational blog posts again. I hope I do my best to deliver valuable information to my readers. This time I will start with walkthroughs of vulnerable machines and capture the flag (CTF) challenges.

I picked Metasploitable 2, a virtual machine running an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities. Metasploitable 2 can be downloaded from here. The virtual machine is compatible with VirtualBox, VMware and other common virtualization platforms. In this post we will cover privilege escalation on the Metasploitable 2 machine.

Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or application to gain elevated access to resources that are normally protected from an application or user – read more.

Note: before we can escalate privileges we first need a limited (unprivileged) shell on the target.

On Metasploitable 2 a limited shell can be obtained through several of the services running on the system.

1. We used nmap (Network Mapper) to enumerate the running services and found telnet running on Metasploitable 2 with default credentials.

Telnet is a program used to open a remote terminal session between two computers. It is inherently insecure because it transmits everything, including usernames and passwords, in clear text.

On the Kali box, open a terminal and telnet to the Metasploitable VM. Log in with the msfadmin:msfadmin credentials.

[Screenshot 1]

2. The logged-in user is msfadmin, not the root account.

[Screenshot 2]

3. Next we check the Linux version. Metasploitable 2 runs an outdated 2.6.24 kernel (Ubuntu 8.04).

[Screenshot 3]

4. Searching for the Linux kernel version turned up a matching local privilege escalation exploit on Exploit-DB:
https://www.exploit-db.com/exploits/8572/

Note that the flaw (CVE-2009-1185) is in udev, the device manager daemon, rather than in the kernel itself: udev versions before 141 did not verify that netlink uevent messages actually came from the kernel, so a local user can send a forged uevent and have udevd run a script of their choosing as root.

5. I downloaded the exploit, saved it with vim into a file named exploit, and then renamed the file with a .c extension (C source).

[Screenshot 4]

6. Let us look at the exploit. The header comments state how it is used: pass the PID of the udevd netlink socket (listed in /proc/net/netlink, usually the udevd PID minus one) as the first argument, and the exploit will execute /tmp/run as root.

[Screenshot 5]

7. Compile the C source into a binary named exploit with gcc.

[Screenshot 6]

8. Find the PID the exploit needs. It is not an arbitrary PID: the exploit expects the PID of udevd's netlink socket, which is listed in /proc/net/netlink and is normally one less than the PID of the udevd process. List the running processes and note the PID of udevd.

[Screenshot 7]

9. Confirm the PID. The udevd process PID should be exactly one higher than the netlink socket PID that we pass to the exploit.

[Screenshot 8]

10. The exploit makes udevd run /tmp/run as root. That file holds our payload: a netcat command that connects back to the Kali box, so the shell it spawns runs as root once the netcat connection is established.

[Screenshot 9]

11. Start a netcat listener on port 1337 (the port used in /tmp/run), then launch the exploit with PID 2770 (shown above). The connection comes back and we have a root bash shell on the target system.

[Screenshot 10]

Hurrah, we did it. I look forward to sharing more CTFs with you. I would like to hear from you, so share your thoughts in the comments area below.

If you are interested in learning about ethical hacking and penetration testing, I would like you to read the following blog.
