Kwelwild Posted June 30, 2013

Description: In this video you will learn how to exploit a Linux system and use a local privilege escalation exploit.

Doing a port scan on the target reveals that several ports are open, including an HTTP port. Upon browsing to the target website and looking at the HTML source, it seems that a commented line containing an account credential is available. A successful FTP login was made using the credentials and the file backup_log.php was downloaded.

Using DirBuster, the logs directory was discovered. Trying backup_log.php as a possible page yields a positive result. There seems to be an event that happens every ten minutes, as shown in the backup error logs. The attacker changes his IP address to one of those in the logs and waits for the ten-minute mark to run a port scan again. The attacker's patience paid off: a new port, 10001, is revealed, and not knowing what service is running, a netcat connection was initiated to try and probe the service. After several tries, it would seem that netcat input is written on the page.

A line of PHP code was then written that would allow for command execution on the target machine with the privileges of the webserver. A netcat listener was set up on the attacker's machine to catch the connection request from the target machine initiated by the attacker; this makes a reverse shell available to the attacker.

For more information please visit: infosecdump: penetration testing tips, tricks, and references: Linux - Web Application and Local Privilege Escalation Exploit

Original Source:
Source: http://www.securitytube.net/video/7872
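The two weaknesses the description relies on, a credential left in an HTML comment and service input landing in a log page that the web server interprets as PHP, can be checked for on your own web root. The following is an added example, not part of the original post or the video; the log entry format, the file contents and the `audit` helper are constructed assumptions.

```python
import re

# Assumption: extensions the web server passes to the PHP interpreter.
EXECUTABLE_EXT = (".php", ".phtml")
HTML_COMMENT = re.compile(r"<!--(.*?)-->", re.DOTALL)
CRED_HINT = re.compile(r"\b(account|user(name)?|login|pass(word|wd)?|pwd)\b\s*[:=]", re.I)
PHP_OPEN = re.compile(r"<\?(php|=)", re.I)
# Assumed (constructed) entry format: "[YYYY-MM-DD HH:MM:SS] message".
LOG_ENTRY = re.compile(r"^\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\] ")


def audit(files):
    """Return (path, line_no, finding) tuples for a {path: text} mapping."""
    findings = []
    for path, text in sorted(files.items()):
        lower = path.lower()
        lines = text.splitlines()
        if lower.endswith((".html", ".htm")):
            for m in HTML_COMMENT.finditer(text):
                if CRED_HINT.search(m.group(1)):
                    line_no = text.count("\n", 0, m.start()) + 1
                    findings.append((path, line_no, "credential-like HTML comment"))
        if "log" in lower and lower.endswith(EXECUTABLE_EXT):
            # Line 0 marks a file-level finding: log data should not be interpretable.
            findings.append((path, 0, "log stored in interpreter-handled file"))
            in_data = False  # becomes True at the first well-formed entry
            for n, line in enumerate(lines, 1):
                in_data = in_data or bool(LOG_ENTRY.match(line))
                if in_data and PHP_OPEN.search(line):
                    findings.append((path, n, "interpreter tag inside log data"))
    return findings


# Constructed sample content; not taken from the video or the target it shows.
SAMPLE = {
    "index.html": "<html>\n<!-- nav -->\n<!-- account: backupuser / EXAMPLE-ONLY -->\n</html>\n",
    "logs/backup_log.php": (
        "<?php /* viewer header */ ?>\n"
        "[2013-06-30 10:00:01] backup failed: host unreachable\n"
        "[2013-06-30 10:10:01] backup failed: host unreachable\n"
        "hello from port 10001 <?php /* injected marker */ ?>\n"
    ),
    "logs/access.log": "[2013-06-30 10:00:00] GET /\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Writing log data to a non-interpreted file outside the web root and escaping it on display removes the second finding at its root.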