Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Top Posters
Who's Online (0)
Powered by Vanilla.
Made with Bootstrap.
uploading vulnerable application to get root ?
-
hi guys,
I got a question in mind,this question came as a result of debate between my friends,
while we are discussing about privilege escalation one of my friend said
"say if we have backdoor access with limited privileges to a
web-server,we could have gain root access by uploading a vulnerable
application and exploit it to become a root"
but another one saying that "no ,even if you exploit the bug you can
only get the privilege of the current user,not the root privilege" .
i am not sure which one is correct,so tought of asking here
which one would be true ? -
From what i understand there are a few factors to consider, but as i understand the second opinion is correct for the most part. This is why a number of privilege escalation use services which are already running under root, e.g. apache, mysql...Don't get me wrong i'm sure there are occasions when your can upload a vulnerable app and exploit that but from my experience it only works with an application that has root privileges.Skype: mrpt3oTwitter: MrPteo
