taoCMS是基于php+sqlite/mysql的国内最小(100Kb左右)的功能完善、开源免费的CMS管理系统

Guide to Linux privilege escalation

2012-09-11

Simple guide for Linux privilege escalation from: http://insidetrust.blogspot.com:

Enumeration is key
Linux privilege escalation is all about:

1) Enumeration, more enumeration, and more enumeration
2) Sorting through data, analysis and prioritisation
3) Knowing where to find exploit code
4) Customisation and compilation skills
5) Confidence that comes from lots of trial and error

Ideas; What information do you need to find?
Here is a list of some of the information an attacker would be looking to find in order to maximize their chances of successful privilege escalation on Linux.

Enumeration of the operating system

  • What is the distribution type, and version?
  • What is the Kernel version?

Enumeration of services and applications

  • What services are running, and in which user-context?
  • What are the versions of the running services?
  • What applications are installed, and what versions?
  • Do any of these services have vulnerable plugins or configurations.
  • What jobs are scheduled?
  • Pay particular attention to anything running as root

Enumeration of the file-systems

  • What configuration files can be read/written in /etc/ ?
  • What information or content can be found in /var/ ?
  • Is it possible to write files to places that are in another users path?
  • Identify SUID and GUID files
  • Identify world-readable and world-writable files
  • How are file-systems mounted?
  • Are there any unmounted file-systems?

Enumeration of confidential information

  • What sensitive files can be found?
  • Are there any passwords in; scripts, databases, configuration files or log files?
  • What user information can be found?
  • Can private-key information be found?
  • Examine files in user home directories (if possible)

Enumeration of communications and networking

  • What NICs does the system have?
  • What are the network configuration settings?
  • What other hosts are communicating with the system?
  • Are there any cached IP or MAC addresses?
  • Is packet sniffing possible, and if so what can be seen?
  • Is SSH tunnelling possible?

Preparation for exploit code

  • What development tools/languages are installed/supported?
  • What areas can be written to?
  • Where can code be executed?
  • How can files be uploaded?

Finding exploit code

The only way to learn how to do privilege escalation is to practice, and keep trying.
Be good!

Mitigations

From a defensive stance, you need to ask yourself very similar questions

  • Have you made any of the above information easy for an attacker to find?
  • Is the system fully patched? (Kernel, operating system, and all applications)
  • Are services running with the minimum level of privileges required?
  • Bastille Linux is a set of scripts that can be run to harden a Linux system (checking for some of the above issues, and many more besides)
来自:http://www.coresec.org/

类别:技术文章 | 阅读:275011 | 评论:0 | 标签:linux 安全 提权

想收藏或者和大家分享这篇好文章→

“Guide to Linux privilege escalation”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

公告

taoCMS发布taoCMS 3.0.2(最后更新21年03月15日),请大家速速升级,欢迎大家试用和提出您宝贵的意见建议。

捐助与联系

☟请使用新浪微博联系我☟

☟在github上follow我☟

标签云