Summary of the Elevation of Privilege of Intrusion Penetration Detection Technology
Hello everyone. I have not written any articles to share with you before; I hope you will forgive me.
Today I have time to write up a process and share it with you, because I think it is worth sharing.
Well, let's get down to business. The intrusion process will be omitted; it's relatively simple and went through injection. Let's get to the main question, which is what we will talk about today.
First, start from the ports to look for a breakthrough. We can see which ports are open. Port 1433 offers a wide range of methods for elevating permissions through the sa account of the MSSQL database behind a website.
However, the website in this article uses an Access database, so escalation through this port can be ruled out. Next is port 3306. To use port 3306 we need to find the root user; however, access to the directory is denied, so this port can be excluded too.
In other words, a virtual host generally does not use the root user to build a website's database, so we could only start from the directory, but the directory cannot be accessed. We have to find another method.
Then, let's see whether there are readable and writable directories in the directory, and escalate the permission through an overflow.
This is the result after some scans. There are only a few readable directories.
We tried them one by one, but none of them worked. Although they were readable and writable directories, we couldn't execute commands in them. We knew this was a permission issue.
Okay, I tried all the common methods, but I still couldn't get anywhere. What should I do? I suddenly remembered the off-star virtual Elevation of Privilege vulnerability, which I had never mentioned before. Maybe we can give it a try. Of course, it also requires luck.
First, we find this directory. If running rar.exe fails with an access-denied message, the permissions are still insufficient.
Next, find the corresponding function to perform the operation. In this case, we first need to pack the elevation tool into a compressed archive, and then decompress it into the readable and writable directory where we need to execute it.
The first is the directory to decompress the file into, the second is the compressed file under the directory, and the third is the decompressed file under the directory.
Then let's try again. Okay, decompress the package to the directory. Let's check it out.
Right, it worked. Of course, you don't have to extract the package to that particular directory to execute the command. If there are other executable directories, you can decompress the file there as well. You must learn to be flexible and adaptable.
Now, we can use the overflow elevation tool to raise the permission. How can we upload the elevation tool to overflow the elevation of permission and so on.
Right, this is OK, and then the operation is performed.
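The steps above only worked because one directory could be both written to and executed from by the web account. As an added example (not part of the original article), this Python script parses `icacls` output and lists such directories for a given account so an administrator can tighten them; the sample ACL text, the paths, the `BUILTIN\IIS_IUSRS` account choice and the `risky_dirs` name are assumptions constructed for illustration.

```python
import re

# Constructed `icacls` output for three directories (illustrative, not from the article).
SAMPLE = r"""
C:\Windows\Temp BUILTIN\IIS_IUSRS:(OI)(CI)(RX)
                BUILTIN\IIS_IUSRS:(CI)(WD,AD)
                NT AUTHORITY\SYSTEM:(OI)(CI)(F)
D:\sites\upload BUILTIN\IIS_IUSRS:(OI)(CI)(R,W)
                BUILTIN\Administrators:(OI)(CI)(F)
D:\tools BUILTIN\IIS_IUSRS:(OI)(CI)(M)
         BUILTIN\IIS_IUSRS:(DENY)(X)
"""

ACE = re.compile(r"^(.+?):((?:\([^)]*\))+)$")    # "DOMAIN\name:(flags)(rights)"
FLAGS = {"OI", "CI", "IO", "NP", "I", "DENY"}     # inheritance/deny markers, not rights
WRITE = {"F", "M", "W", "WD", "GA", "GW"}         # rights that allow creating files
EXEC = {"F", "M", "RX", "X", "GA", "GE"}          # rights that allow executing files

def risky_dirs(icacls_text, principal):
    """Return directories where `principal` can both write and execute.

    Simplified model: paths contain no spaces, inheritance scope is ignored,
    and any deny ACE covering a write/execute right removes that capability.
    """
    allow, deny, path = {}, {}, None
    for line in icacls_text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():                 # new entry: "<path> <first ACE>"
            path, _, line = line.partition(" ")
        m = ACE.match(line.strip())
        if not m or m.group(1).lower() != principal.lower():
            continue
        groups = re.findall(r"\(([^)]*)\)", m.group(2))
        rights = {r.strip() for g in groups for r in g.split(",")} - FLAGS
        (deny if "DENY" in groups else allow).setdefault(path, set()).update(rights)
    risky = []
    for p, granted in allow.items():
        denied = deny.get(p, set())
        can_write = granted & WRITE and not denied & WRITE
        can_exec = granted & EXEC and not denied & EXEC
        if can_write and can_exec:
            risky.append(p)
    return sorted(risky)

if __name__ == "__main__":
    for d in risky_dirs(SAMPLE, r"BUILTIN\IIS_IUSRS"):
        print("writable and executable by web account:", d)
```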
Well, the article should come to an end here. The last thing to say is that there are no boundaries in the field of technology. I hope you will share whatever is worth sharing with others. There is exchange only when there is sharing, and there is progress only when there is sharing. Thank you!