Problem with exploiting a Linux box

Dave BDave B Member Posts: 9 ■□□□□□□□□□
Hello all,
I am looking for a little help with a problem. I am working on breaking into and owning a linux box. It is Red Hat 2.4.20-8 and has multiple open ports and numerous vulnerabilities. The problem I have run into is getting root access. I can log in via SSH or FTP and have user priv but I can't seem to jump the hurdle and get to root! I can transfer exploits over to the box, but when I return to it the files are empty and no code has gone across the wire.

If any of you have some ideas I would greatly appreciate them. I am certain that I am missing some small thing but my head is swimming and I can't get past this. Would this be classed as "hackers block?"

Dave B

Comments

  • ipchainipchain Member Posts: 297
    Oh the joys of privilege escalation. Well, as you probably know enumeration is the key to privilege escalation, so I recommend fully enumerating the box to see if there is anything you can use to escalate.
    Every day hurts, the last one kills.
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,663 Admin
    How to own root isn't a typical discussion topic here at TechExams.net. A discussion forum about Metasploit would have much more useful information for that sort of thing.
  • Dave BDave B Member Posts: 9 ■□□□□□□□□□
    Apolgies for intruding on the forum this way! Just searching for input fomr some experienced people, which the certs seem to provide. Again apologies.

    Dave
  • SephStormSephStorm Member Posts: 1,732
    try ehicalhacker.net we specialize at that sort of thing. However, you should note why you are trying to exploit the system (lab? pentest? ex girlfriend?)

    Personally, if this is in a lab, I would open up wireshark or tcpdump to see if those packets are going to the target. Also see if the box is running IPTables or netfilter, maybe your traffic is being blocked. I have a few other thoughts, but we should take this discussion over to eh.net
  • Dave BDave B Member Posts: 9 ■□□□□□□□□□
    Thanks, I will be heading over to ethicalhacker.net! I know that the packets are travelling so that isn't it. It is a pen test for my own personal training! So nothing unethical at all, just keeping skills sharp.

    Thanks all!

    Dave
  • ChooseLifeChooseLife Member Posts: 941 ■■■■■■■□□□
    What does your question concern? Performing the local privilege escalation, or uploading files to the server? For the former, like ipchain said, enumerate and research. For the latter.. are you able to create files locally on the server side?
    “You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896

    GetCertified4Less
    - discounted vouchers for certs
Sign In or Register to comment.