Linux system vulnerability local privilege escalation

Table of contents

1. Experimental project name

2. The purpose of the experiment

3. Experimental content

4. Experimental environment

5. Experimental steps

6. Experimental results 

7. Experimental summary


1. Experimental project name

Linux system vulnerability local privilege escalation and springboard setting experiment

2. The purpose of the experiment

1. Learn to use the msf (Metasploit Framework) tools;

2. Understand the exploitation method of the "Dirty Cow" vulnerability (CVE-2016-5195).

3. Experimental content

Exploiting System Vulnerabilities to Elevate Privileges Locally

4. Experimental environment

Experimental platform: CSIITR platform

Experiment target: 172.18.206.15 X

Tools: Kali Linux, weevely, msf, exploit

5. Experimental steps

1. In Kali, use weevely to connect to the webshell, check the current user's permissions and collect information about the target.

2. Use the msfvenom tool in Kali to generate a Linux backdoor, upload it to the target machine with weevely, and add execute permission to the file.
3. Open the listener module in msfconsole, configure its parameters and start listening.
4. Return to the weevely terminal, execute the backdoor file, then return to msf and confirm that the meterpreter session has connected successfully.

5. Check the kernel version of the target machine and use the searchsploit tool to search for known vulnerabilities affecting that kernel version.
6. Copy the Dirty Cow exploit from the exploit database to the local machine, upload it to the target server, compile it there and escalate privileges.

6. Experimental results

1. Write down the content of the flag file in the website's publishing directory: w1r91mdxeidy4hh5

2. Find the database configuration file used by the website and write down the account and password used to connect to the database (format: username/password):

root/ca368418d

3. After obtaining access to the target system, write down its kernel version information:

Linux localhost.localdomain 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

7. Experimental summary

1. What is the metasploit framework and what does it do?

Metasploit Framework is a complete environment for writing, testing and using exploit code. It provides a reliable platform for penetration testing, shellcode writing and vulnerability research. The framework is primarily written in the object-oriented Ruby programming language, with optional components written in C, assembler and Python. The Metasploit Framework is used as an auxiliary tool for buffer overflow testing, and it can also be described as a vulnerability exploitation and testing platform. It integrates common overflow vulnerabilities and popular shellcodes for various platforms and is constantly updated, making buffer overflow testing convenient and simple. When used as a security testing tool, Metasploit keeps logs during a penetration test and defines how each payload cleans itself up after the run is complete.

2. What is the scope of the Dirty Cow vulnerability CVE-2016-5195?

Unpatched Linux kernels >= 2.6.22

3. What kind of changes have our permissions undergone in this experiment?

Starting from a low-privileged local user, this vulnerability is used to gain write access to memory mappings that are otherwise read-only, and from there to obtain root privileges.

4. From the perspective of the defender, how to prevent this problem?

A. Apply patches promptly.

B. Do not casually run services as root, especially web, database and file servers.

C. Do not set the SUID bit on any program that can drop to a shell; in particular, do not set it on any file editor, compiler or interpreter.

D. Do not grant sudo privileges to any program that allows an escape to a shell, such as vi, more, less, perl, ruby, gdb and similar commands.

E. Watch for incorrectly configured cron tasks (Linux scheduled jobs), which can also be abused for escalation.
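Items C and D can be checked on a host with a small audit script. The following is an added example and not part of the original report: it flags SUID binaries and sudoers rules that hand a non-root user a shell-escape-capable program (the report's vi, more, less, perl, ruby and gdb, extended with other editors, interpreters and compilers, which is an assumption), using constructed sample input in place of `find / -perm -4000` output and /etc/sudoers.

```python
import os
import re

# Programs the report names (vi, more, less, perl, ruby, gdb) plus other editors,
# interpreters and compilers of the same categories; the extra names are assumed.
SHELL_ESCAPE_PROGRAMS = {
    "vi", "vim", "nano", "emacs", "more", "less", "perl", "ruby",
    "python", "python3", "sh", "bash", "gcc", "cc", "gdb",
}
# Matches the common sudoers rule shape: user host=(runas) [NOPASSWD:] cmd1, cmd2 ...
RULE = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(?:NOPASSWD:\s*)?(.+)$")

def risky_suid(paths):
    """SUID paths (e.g. from `find / -perm -4000 -type f`) naming a shell-escape program."""
    return sorted(p for p in paths if os.path.basename(p) in SHELL_ESCAPE_PROGRAMS)

def risky_sudo_rules(sudoers_lines):
    """(user, command) pairs that grant ALL or a shell-escape program to a non-root user."""
    findings = []
    for raw in sudoers_lines:
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line or line.startswith("Defaults"):
            continue
        match = RULE.match(line)
        if not match or match.group(1) == "root":    # root -> root is not an escalation
            continue
        user, commands = match.groups()
        for cmd in (c.strip() for c in commands.split(",") if c.strip()):
            prog = os.path.basename(cmd.split()[0])  # program name without path/arguments
            if cmd == "ALL" or prog in SHELL_ESCAPE_PROGRAMS:
                findings.append((user, cmd))
    return findings

# Constructed sample input standing in for the output of find and for /etc/sudoers.
SAMPLE_SUID = ["/usr/bin/passwd", "/usr/bin/sudo", "/usr/local/bin/vim", "/usr/bin/ping"]
SAMPLE_SUDOERS = [
    "Defaults    env_reset",
    "root    ALL=(ALL)       ALL",
    "www-data ALL=(root) NOPASSWD: /usr/bin/less /var/log/httpd/error_log, /bin/systemctl restart httpd",
    "deploy  ALL=(ALL) NOPASSWD: /usr/bin/perl   # item D: interpreter under sudo",
]

if __name__ == "__main__":
    print("SUID shell-escape programs:", risky_suid(SAMPLE_SUID))
    print("Risky sudo rules:", risky_sudo_rules(SAMPLE_SUDOERS))
```

On a real host, feed `risky_suid` the output of the find command and `risky_sudo_rules` the lines of /etc/sudoers and /etc/sudoers.d/*; each finding is a program to strip the SUID bit from or remove from the sudo rule.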


Origin blog.csdn.net/xiongIT/article/details/127992488