First elevated privelages!

Last time, on noob tries to hack…

So I’m sitting there, excited I popped the shell (even though it was super easy) and I actually said out loud ‘now what?’. What do I do from here? So far I’ve studied vulnerabilities in sql and php, but haven’t really looked at exploits. I went to g0tmi1k’s enumeration page and went down the list of what I could do.

What’s this?

Going down the list command by command, some of them worked and some didn’t. This was my first time running these commands so I took my time to read through what each one did. Trying to read bash commands the previous user ran, which in a real scenario would be helpful. Trying to find files that had root and user permissions (dont know how that works yet but i get why its useful). One command in particular caught my attention.

This cant be what I think it is

I won’t say exactly what it was because the box hasn’t been retired. This command showed me what other users were running on the machine. I began to look up what they were trying to do. Something looked promising and bam! I escalated privelages to another user, just like that.

Is it cheating?

I don’t know how I should feel about it. Some say it’s not cheating because I exploited the system legitimately. Others say it’s cheating because I used other people’s work. I don’t know but I’m leaning towards not. Check my twitter for a poll.

Post Author: InfoSecJon

Info Sec Professional, Pen-Testing noob

Leave a comment or suggestion!