Page 1 of 4 123 ... LastLast
Results 1 to 10 of 32

Thread: Privileges escalation

  1. #1
    Just burned his ISO
    Join Date
    Feb 2008
    Posts
    16

    Default Privileges escalation

    Hello everybody,

    I am currently an intern in a company were I am gonna test the security of the company. I want to try of it is possible to do privileges escalation. The only problem is I know the theoratical site, but I don't know how to do it. I'm allowed to do this. So if someone can help me out, it would be nice. In the mean time I will keep searching the internet for a good tutorial. If I will find one I will post it here.

  2. #2
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    Default

    Quote Originally Posted by frankibo View Post
    Hello everybody,

    I am currently an intern in a company were I am gonna test the security of the company. I want to try of it is possible to do privileges escalation. The only problem is I know the theoratical site, but I don't know how to do it. I'm allowed to do this. So if someone can help me out, it would be nice. In the mean time I will keep searching the internet for a good tutorial. If I will find one I will post it here.
    First, your post couldn't be more vague. I think what you are looking for is a Big Red h4Xor i7 n0w button, which if you would do your research has already been developed and deployed.

    Secondly, (out of curiosity) what company is going to let an inexperienced intern test their security? I hope they do not blame you for f**king up their infrastructure when you DoS something in a production environment

    No offense, but it sounds kinda sticky to me
    dd if=/dev/swc666 of=/dev/wyze

  3. #3
    Senior Member
    Join Date
    Feb 2008
    Posts
    681

    Default

    True that

    search
    [FONT=Courier New][SIZE=2][FONT=Courier New]hehe...
    [/FONT][/SIZE][/FONT]

  4. #4
    Member PeppersGhost's Avatar
    Join Date
    Jan 2008
    Posts
    204

    Default

    Quote Originally Posted by frankibo View Post
    I am currently an intern in a company were I am gonna test the security of the company.
    Oh, now I feel safe. #1 Interns don't do anything.
    I want to try of it is possible to do privileges escalation. The only problem is I know the theoratical site, but I don't know how to do it. I'm allowed to do this.
    This sounds like broken English, you answered you're own questions, "I dont know how" and, "I'm allowed to do this?" This answer is no, you are not allowed because you dont know how.
    <EeePc 1000HA BT4/W7 USB boot Alfa500 GPS BlueTooth>

  5. #5
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Default

    As swc666 mentioned before you shouldn't play with things you don't understand.

    Especially not in a productive environment. I can't think of anyone who would tell an intern to security test the companies network. The risk to blow something up especially if you haven't had any training before is way too high.

    Or did you say that you know how to pentest, at least theoretical? Even then I don't think that anyone would give you permission to do that besides in a lab not connected to the real network.
    Tiocfaidh ár lá

  6. #6
    Just burned his ISO
    Join Date
    Feb 2008
    Posts
    16

    Default

    Well, the company hasn't got any kind of security policy. So they let me make it. I guess they try to save some money or something. And before writing it I am gonna test what the network now is vunerable to. But thanks for the answer.

    And I copied the infrastructure of a small part of the network to a virtual environment so I wouldn't damage anything. Already thought of that problem.
    Studying the art of computer defense.

  7. #7
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Default

    Quote Originally Posted by frankibo View Post
    Well, the company hasn't got any kind of security policy. So they let me make it. I guess they try to save some money or something. And before writing it I am gonna test what the network now is vunerable to. But thanks for the answer.

    And I copied the infrastructure of a small part of the network to a virtual environment so I wouldn't damage anything. Already thought of that problem.
    Security policy doesn't mean necessarily to pentest anything. It is more like password guidelines, how to deal with confidential data and so on.

    How did you copy it?
    Tiocfaidh ár lá

  8. #8
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by frankibo View Post
    Well, the company hasn't got any kind of security policy. So they let me make it. I guess they try to save some money or something. And before writing it I am gonna test what the network now is vunerable to. But thanks for the answer.

    And I copied the infrastructure of a small part of the network to a virtual environment so I wouldn't damage anything. Already thought of that problem.
    Is your company publicly traded? If so, can you let us know what the stock symbol is just so that we don't mistakenly invest any money in it.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  9. #9
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Quote Originally Posted by frankibo View Post
    Hello everybody,

    I am currently an intern in a company were I am gonna test the security of the company. I want to try of it is possible to do privileges escalation. The only problem is I know the theoratical site, but I don't know how to do it. I'm allowed to do this. So if someone can help me out, it would be nice. In the mean time I will keep searching the internet for a good tutorial. If I will find one I will post it here.
    Looks like you're going to fail your internship since you can't figure out how to put theory to use.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  10. #10
    Just burned his ISO
    Join Date
    Feb 2008
    Posts
    16

    Default

    I still got four months left, so I've got enough time.
    Studying the art of computer defense.

Page 1 of 4 123 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •