Remote root from ftp
I am doing a pen-test on one of my machines. I pretended I managed to get an unprivileged users password (e.g. from an sql injection attack) and im wondering now if its possible to get a remote root shell from this.
I thought maybe I could upload netcat and change my .bashrc to start a shell when I next log in, but this wouldn't be much use as its an unprivileged user
Just burned his ISO
Thanks for the reply,
I can manage to get app versions etc, and since I know the directory structure I would be able to get source code as well. Unfortunately though, my programming skills are limited to visual basic (lol) so analyzing code and writing modules is an unknown area for me.
You talk about using php sockets to create a shell. How would I go about doing that? I don't mind doing some research because that helps me learn but I wouldn't know where to start.
Good friend of the forums
if you have a shell on the system you can try local privilege escalations ( mostly old lib's or kernels )
what you are looking for is old versions of software installed as root on the system that are vuln ..
check to uid's http://rmccurdy.com/scripts/find_setuid.txt
php shells you can download by the millions... c99shell r57 ..
Thanks for the help guys I think this has pointed me in the right direction.
Here are some shells i've found. Php and ASP shells are included.
Total shells: ~50
Delete the "-" to get a functional link.