Little Help with Privilege Escalation Please

[lupin]

Can you give an example of this kind of exploit? Thanks!

Here. And here. Here too.

Just search exploit DB for local Linux exploits mentioning privilege escalation (or just privilege, like this search).

[Sys7emR00t]

Here. And here. Here too.

None of these are shell code...they all look like C Programs that you have to compile and run- you said there was shell codes to launch a root shell. ? Thanks.

[KMDave]

Not every exploit has to have shellcode, especially a local priv escalation one.

[lupin]

you said there was shell codes to launch a root shell. ?

When did I say that? The only place I can find in this thread where I even mentioned shellcode is in post 4 responding to the OP who was talking about seeing mostly shellcode in the local exploits he saw. In that post I only meant that IF the OP was actually looking at privilege escalation exploits that contained shellcode, there should be more to it than JUST shellcode.

The majority of Linux privilege escalation exploits I have seen have not used shellcode at all...

[Sys7emR00t]

Most privilege escalation exploits are run from a shell and they then give that shell root privileges. Some work slightly differently, but for the most part thats what happens. So you just need shell access on the system, then you transfer the privilege escalation exploit there and run it, and if it works your shell should end up wth root privilege.

Sorry, perhaps I misunderstood...I'm looking for this ^.

[lupin]

Sorry, perhaps I misunderstood...I'm looking for this ^.

See post 11.

[falseteeth]

The exploit is always going to be a program, never just raw shellcode. The shellcode is merely a a string of pure machine code that performs a certain task (usually opens a shell, but can open calc.exe or anything).

With a privilege escalation exploit, you're going to download the exploit code, compile it, and then just ./exploit, and it'll either work or it won't.

[Sys7emR00t]

The exploit is always going to be a program, never just raw shellcode. The shellcode is merely a a string of pure machine code that performs a certain task (usually opens a shell, but can open calc.exe or anything).

With a privilege escalation exploit, you're going to download the exploit code, compile it, and then just ./exploit, and it'll either work or it won't.

This is what I'm looking for. I figured raw shellcode didn't make sense. Problem is, with a limited account one may not be able to download a compiler. Any easy way to compile C from the command line or something?

[wh1t3fang]

The exploits listed are like the simplest exploits to run on exploit-db. you just compile and run them. you can use gcc. it takes 2 mins at the most . If the exploits dosent work then you dont have the vulnerable services that the exploit takes advantage of.

[lupin]

This is what I'm looking for. I figured raw shellcode didn't make sense. Problem is, with a limited account one may not be able to download a compiler. Any easy way to compile C from the command line or something?

If the target system doesn't have a compiler already installed (such as gcc, which is run from the command line btw) you can try compiling the exploit elsewhere and transferring it over in binary form. You need to make sure you compile the binary for the same architecture and platform as the target system though, so its generally better to compile on the target itself if a compiler is available.