Cybersecurity Walkthrough Explores Privileged Access Techniques
Quick take - A cybersecurity walkthrough demonstrated various techniques for gaining privileged access to a Linux-based system, ultimately identifying a Local File Inclusion vulnerability that could facilitate privilege escalation, despite not achieving root access during the exercise.
Fast Facts
- The cybersecurity walkthrough focused on gaining privileged access to a Linux-based system, classified as easy difficulty.
- Initial exploration identified three open ports (22, 555, 5000), with port 5000 hosting a Chemistry CIF Analyzer webpage.
- Attempts at SQL injection on ports 22 and 555 failed, but a new user account was created, allowing file uploads and subsequent exploration.
- A piece of code was exploited for remote code execution, leading to successful access with the “app” user account and discovery of user hashes.
- A Local File Inclusion (LFI) vulnerability was identified, enabling access to sensitive files and potential privilege escalation towards capturing the root flag.
Cybersecurity Walkthrough: Gaining Privileged Access to a Linux System
Overview
In a recent cybersecurity walkthrough, various techniques were employed to gain privileged access to a Linux-based system. The walkthrough was classified at an easy difficulty level and began with the identification of three open ports on the system: 22, 555, and 5000. Notably, port 5000 hosted a webpage featuring a Chemistry CIF Analyzer.
Exploitation Attempts
Initial attempts to exploit the system through SQL injection on ports 22 and 555 were unsuccessful. A breakthrough occurred when a new user was created with a username and password, granting access to a file upload option. While the file upload feature did not facilitate a PHP reverse shell, it allowed for the download of a sample CIF file, which was subsequently uploaded back to the system for functionality examination. However, no useful information was extracted from this process.
Further exploration was aided by online resources, leading to the discovery of a piece of code that could potentially be exploited for remote code execution (RCE). The process involved modifying the IP address and port in that code to match the tester’s own values, followed by uploading a specific file with a .cif extension. A netcat listener was started on the designated port, and upon clicking the “view” option on the webpage, a shell was obtained as the user account “app.”
Privilege Escalation Attempts
The privilege escalation search yielded no significant findings. The tool linPEAS was run, revealing limited options available to the “app” user. During this process, a file containing hashes was discovered in the “app” user’s folder. Among these hashes, the one belonging to a user named Rosa was cracked using CrackStation, recovering her password, “passssss.”
With access switched to the “rosa” user, the first flag was obtained. Further attempts at privilege escalation were made, although initial results were unproductive. Eventually, a Local File Inclusion (LFI) vulnerability was identified, presenting an opportunity to access sensitive files on the server. By employing path traversal techniques, privileged files, including the shadow file, were accessed, facilitating potential privilege escalation.
The overarching objective of this cybersecurity exercise was to capture the root flag. Despite not achieving root access at that stage, the LFI vulnerability was highlighted as a promising avenue for ultimately gaining root privileges.
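The following is an added example, not code from the walkthrough or from the target application. It shows the server-side containment check that blocks the kind of path traversal described above, including absolute paths, symlinks and a sibling directory that shares the base directory's name prefix. The directory layout, file names and function names are constructed for illustration.

```python
import os
import tempfile


class TraversalError(ValueError):
    """The requested name resolves outside the directory being served."""


def resolve_inside(base_dir, requested):
    """Return the real path of `requested` if it stays under base_dir, else raise."""
    if "\x00" in requested:
        raise TraversalError("NUL byte in file name")
    base = os.path.realpath(base_dir)
    # join() lets an absolute `requested` replace base entirely, and realpath()
    # collapses ".." and follows symlinks, so the check sees the final target.
    target = os.path.realpath(os.path.join(base, requested))
    # commonpath compares whole components; a startswith() test would accept "uploads-evil".
    if os.path.commonpath([base, target]) != base:
        raise TraversalError("escapes base directory: %r" % requested)
    return target


def demo():
    """Run the guard over constructed requests; returns {request: 'ok' | 'blocked'}."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        uploads = os.path.join(root, "uploads")  # hypothetical served directory
        os.makedirs(os.path.join(uploads, "u1"))
        with open(os.path.join(uploads, "u1", "sample.cif"), "w") as fh:
            fh.write("data_constructed\n")
        with open(os.path.join(root, "secret.txt"), "w") as fh:  # stands in for a sensitive file
            fh.write("constructed\n")
        os.symlink(os.path.join(root, "secret.txt"), os.path.join(uploads, "link.cif"))
        requests = ["u1/sample.cif", "u1/../u1/sample.cif", "../secret.txt",
                    "../../../../etc/shadow", "/etc/shadow", "link.cif",
                    "../uploads-evil/x", "u1/sample.cif\x00.png"]
        for name in requests:
            try:
                resolve_inside(uploads, name)
                results[name] = "ok"
            except TraversalError:
                results[name] = "blocked"
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print("%-28r %s" % (name, verdict))
```

The check must run on the final, fully decoded file name, and the web process should still run as an account that cannot read files such as the shadow file.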