issue155:c_c
Differences
Below are the differences between two revisions of the page.
issue155:c_c [2020/03/29 08:31] – d52fr | issue155:c_c [2020/04/02 13:53] (current version) – andre_domenech
Ligne 1: | Ligne 1: | ||
**Since Lucas absconded, we cannot fill his slot with more Lucas-stuff, | **Since Lucas absconded, we cannot fill his slot with more Lucas-stuff, | ||
- | Depuis que Lucas s'est éclipsé, nous ne pouvons plus remplir cet article avec des choses de Lucas ; aussi, nous sommes | + | Depuis que Lucas s'est éclipsé, nous ne pouvons plus remplir cet article avec des choses de Lucas ; aussi, nous sommes |
**Last issue, we did a quick overview of permissions on a Linux system. This issue, we will quickly discuss tools. We need to lay some groundwork first, before going to practical. Tools are handy if you do not want to do every last thing by hand. That said, you still need to know your command-line tools (commands). We already looked at ‘id’ and ‘whoami’. You also need to know ‘ifconfig’ and ‘ip’, to see what network interfaces are up. ‘Netstat’, | **Last issue, we did a quick overview of permissions on a Linux system. This issue, we will quickly discuss tools. We need to lay some groundwork first, before going to practical. Tools are handy if you do not want to do every last thing by hand. That said, you still need to know your command-line tools (commands). We already looked at ‘id’ and ‘whoami’. You also need to know ‘ifconfig’ and ‘ip’, to see what network interfaces are up. ‘Netstat’, | ||
+ | |||
+ | Dans le dernier numéro, nous avons passé rapidement en revue les permissions dans un système Linux. Aujourd' | ||
**CTF or capture the flag, is an outflow of offsec. It creates a safe haven and an outlet for what you have learned (idle hands and all that jazz...). There are distributions brimming with tools, like Kali or blackArch, but I do not want to tie you to a distribution, | **CTF or capture the flag, is an outflow of offsec. It creates a safe haven and an outlet for what you have learned (idle hands and all that jazz...). There are distributions brimming with tools, like Kali or blackArch, but I do not want to tie you to a distribution, | ||
Ligne 10: | Ligne 12: | ||
Don’t stop there; look at all the tools in that list. LinEnum is also particularly useful. Do yourself a favour and copy all those tools to a USB thumb drive. They are tiny, so that old 256MB thumb drive you have no use for, just became useful again! ** | Don’t stop there; look at all the tools in that list. LinEnum is also particularly useful. Do yourself a favour and copy all those tools to a USB thumb drive. They are tiny, so that old 256MB thumb drive you have no use for, just became useful again! ** | ||
+ | |||
+ | CTF (Capture the Flag, la « prise de la colline ») découle de offsec (la sécurité offensive). Elle crée un port sûr et un entrepôt pour ce que vous avez appris (l' | ||
+ | |||
+ | Un outil intéressant y est mentionné, l' | ||
+ | |||
+ | Ne vous arrêtez pas là ; regardez tous les outils de la liste. LinEnum est aussi particulièrement utile. Rendez-vous service et copiez tous ces outils sur une clé USB. Ils ne sont pas gros ; votre vieille clé USB de 256 Mo dont vous n'avez pas d' | ||
**If you look at this enumeration shell script, you will see it is in bash, unlike most other tools written in Python. This has the benefit of working on a system that does not have python installed. (They say, a bad workman blames his tools, so be sure to read through the script! *I did!). This is about a thousand lines of if-statements. As this is a shell script, a thousand lines can run in a second. I am all for learning the command-line, | **If you look at this enumeration shell script, you will see it is in bash, unlike most other tools written in Python. This has the benefit of working on a system that does not have python installed. (They say, a bad workman blames his tools, so be sure to read through the script! *I did!). This is about a thousand lines of if-statements. As this is a shell script, a thousand lines can run in a second. I am all for learning the command-line, | ||
+ | |||
+ | Si vous regardez l' | ||
**The other part of the equation; the machine to be exploited. You can find one at: https:// | **The other part of the equation; the machine to be exploited. You can find one at: https:// | ||
I also have to address the elephant in the room. Please use a vulnerable VM and don’t try hacking your local .gov website. We are NOT trying to get you into trouble, but knowledge is power. This goes double for those who pester me on Telegram about this.** | I also have to address the elephant in the room. Please use a vulnerable VM and don’t try hacking your local .gov website. We are NOT trying to get you into trouble, but knowledge is power. This goes double for those who pester me on Telegram about this.** | ||
+ | |||
+ | L' | ||
+ | |||
+ | Il faut que je parle aussi de l' | ||
**So what is Linux privilege escalation all about? First, it’s collecting. (Enumeration), | **So what is Linux privilege escalation all about? First, it’s collecting. (Enumeration), | ||
+ | |||
+ | Bon ! Et à propos des escalades de privilèges dans Linux ? D' | ||
**Where would you start? Good question! The ‘find’ or ‘which’ command can be your friend. You need to know what you are working with. For example: ‘find / -name python*’ or ‘which python’. So we need to look for cc, gcc, python, perl, at least. Maybe put that at the top of your list and work down. There is no surefire way, so trial and error is perfectly acceptable. See if you can access or read some of the common locations. Always read the user’s history file. (history). Look for mounted file systems or unusual ones (df). Etcetera, etcetera. Mundane things, like ‘cron’, can be a goldmine! Make a list as you go along and refine that list. Check for things like ‘curl’ and ‘wget’ and ‘nc’ that allow you to transfer files, if you do not have what you need. (Like the bash script above). Your toolbox is the shell itself. SSH is as valid to your PC as it is to that PC. It is advisable to create an archive of your enumeration and send it to an offline PC where you can work on your ‘intel’ at your own pace. There may be commands you have never used (mknod), that you need to brush up on. As they say, all is fair in love and war. Practice makes perfect? | **Where would you start? Good question! The ‘find’ or ‘which’ command can be your friend. You need to know what you are working with. For example: ‘find / -name python*’ or ‘which python’. So we need to look for cc, gcc, python, perl, at least. Maybe put that at the top of your list and work down. There is no surefire way, so trial and error is perfectly acceptable. See if you can access or read some of the common locations. Always read the user’s history file. (history). Look for mounted file systems or unusual ones (df). Etcetera, etcetera. Mundane things, like ‘cron’, can be a goldmine! Make a list as you go along and refine that list. Check for things like ‘curl’ and ‘wget’ and ‘nc’ that allow you to transfer files, if you do not have what you need. (Like the bash script above). Your toolbox is the shell itself. 
SSH is as valid to your PC as it is to that PC. It is advisable to create an archive of your enumeration and send it to an offline PC where you can work on your ‘intel’ at your own pace. There may be commands you have never used (mknod), that you need to brush up on. As they say, all is fair in love and war. Practice makes perfect? | ||
+ | |||
+ | Par où commencer ? Bonne question ! La commande « find » ou « which » peut vous venir en aide. Vous devez savoir avec quoi vous travaillez. Par exemple : « find / -name python* » ou « which python ». Aussi, nous devons au moins chercher cc, gcc, python, perl. Mettez peut-être ce point en tête de votre liste et allez-y. Il n'y a pas de voie toute tracée, donc le tâtonnement est parfaitement acceptable. Regardez si vous pouvez accéder à, ou lire, certains emplacements classiques. Lisez toujours le fichier d' | ||
**Now for some online reading: | **Now for some online reading: | ||
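Review bot: the example command in the "Where would you start?" paragraph (the English line and the added French translation starting « Par où commencer ? ») leaves the glob unquoted: `find / -name python*`. The shell expands `python*` before find ever runs, so if the current directory happens to contain a file whose name starts with "python", find receives that filename instead of the pattern and silently searches for the wrong thing. Suggest quoting the pattern, `find / -name 'python*'`, and, since an unprivileged user searching from / will hit many unreadable directories, appending `2>/dev/null` so the permission-denied noise does not bury the real hits. Minor translation point in the same hunk: « prise de la colline » does not render "Capture the Flag"; « capture du drapeau » is the usual French term.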
Ligne 27: | Ligne 45: | ||
https:// | https:// | ||
+ | |||
+ | Maintenant, un peu de lecture en ligne : | ||
+ | https:// | ||
+ | |||
+ | https:// | ||
+ | |||
+ | https:// | ||
**Yes, you have to read those, it will give you ideas and get you in the right mindset. I am not linking the gotmilk (g0tmi1k) website as it is linked in one of those pages, but go there. Pay attention to the commands being used, you need to know those in your sleep. Notice that advice on (Linux) privilege escalation is not structured. There seems to be no pattern. However, you need to make a recipe that works for you. | **Yes, you have to read those, it will give you ideas and get you in the right mindset. I am not linking the gotmilk (g0tmi1k) website as it is linked in one of those pages, but go there. Pay attention to the commands being used, you need to know those in your sleep. Notice that advice on (Linux) privilege escalation is not structured. There seems to be no pattern. However, you need to make a recipe that works for you. | ||
Ligne 35: | Ligne 60: | ||
Complaints or comments? Yes, I am a scatterbrain. E-mail us: misc@fullcirclemagazine.org** | Complaints or comments? Yes, I am a scatterbrain. E-mail us: misc@fullcirclemagazine.org** | ||
+ | |||
+ | Oui, il vous faut lire tout cela, car ça vous donnera des idées et vous mettra dans le bon état d' | ||
+ | |||
+ | Le prochain numéro sera plus opérationnel ! | ||
+ | |||
+ | Je vous y donnerai beaucoup d' | ||
+ | |||
+ | Des réclamations ou des commentaires ? Oui, je suis un écervelé. Envoyez-nous vos mails à : misc@fullcirclemagazine.org |
issue155/c_c.1585463502.txt.gz · Last modified: 2020/03/29 08:31 by d52fr