From: Florian Rommel (frommel@gmail.com)
Date: Thu Feb 22 2007 - 07:27:14 EST
Uploading a setuid binary in your own dir wont work? Something like the sh
binary with setuid root? Upload it and run it from the shell.. I have tried
this on a RHEL 4 machine and it worked actually but could have been a fluke.
//Florian
http://blog.2blocksaway.com
On 2/21/07 3:06 AM, "Andrew" <seraphele@gmail.com> wrote:
> Hi list,
>
> We are pen-testing a couple of a company webserver that hosts
> something like many thousand websites. We got a shell working through
> a remote file inclusion vulnerability we found. We are in but there
> seems to be no apps we could "use" to gain a root escalation from the
> local low-priviledges shell. OS is centOS 4.4 and kernel is
> 2.6.9-42.0.3.ELsmp. Do you have any ideas to gain a root escalation
> over this OS/kernel configuration?
> Any help will be apprecied.
>
> Thanks in advance
>
>
> Andrew B.
> Junior Analyst
> NWI co.
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
>
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016000000
> 08bOW
> ------------------------------------------------------------------------
>
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:36 EDT