When I was looking for some hints related to "priviledge escalation bugs" I found (on vuldb.com) short description about Apache2 and symlinks. Below few details...
( TL;DR )
As we can see on the screen below:
bug seems to be simple to exploit.
Assuming scenario like: sql injection found in webapp and you already have a shell (www-data)
if Apache2 is installed and the box is an old Ubuntu - you can use it to obtain more priviledges.
When I was reading about the bug I also found this information:
I couldn't find a way to create working symlink... First of all I though maybe it was something with the kernel version... and that's how I found that list:
After a while I realized that (starting from) Ubuntu12 is patched. The idea was to set back (to 0 for our testing purposes) this one setting:
Now it should be possible to change permission of /root:
Looks like it's done. ;]
More details you will find here.
Cheers
Brak komentarzy:
Prześlij komentarz