In January 2019, researchers discovered a privilege escalation vulnerability in default installations of Ubuntu Linux. It was caused by a bug in the API of snapd, a service that is installed by default. Any local user could exploit this vulnerability to obtain immediate root access to the system (Linux Privilege Escalation via snapd, n.d.). In this post, I am going to exploit an affected Ubuntu 16.04 system via snapd using the dirty_sock exploit, which was created by a security researcher. snapd serves up a REST API attached to a local AF_UNIX socket. Access control to restricted API functions is accomplished by querying the UID associated with any connection made to that socket. User-controlled socket peer data can be manipulated to overwrite a UID variable during string parsing in a for-loop. This allows any user to access any API function.
Continue reading “Linux Privilege Escalation via snapd using dirty_sock exploit and demonstration of CVE-2019-7304”
Category: Penetration Testing
HTB Retired Box Walkthrough: Legacy
Today, I will demonstrate new skills which I gained:
- Identifying vulnerabilities by using the NSE;
- Exploiting SMB using Metasploit.
Let’s give a brief intro about the new machine. Legacy is a retired machine at the beginner level that shows SMB’s possible security threats in Windows OS.
Continue reading “HTB Retired Box Walkthrough: Legacy”
Walkthrough: Lame (HTB Retired Box)
Hi all, this is my first blog entry, in which I decided to share my written walkthroughs of retired machines on HTB. Frankly speaking, I am in the learning process, and at the end of my development I would like to look back at my progress to check what I learnt. Additionally, I want to share my knowledge with our peers or anyone who wants to improve themselves.
Continue reading “Walkthrough: Lame (HTB Retired Box)”