Have an account?
It looks like you're new here. If you want to get involved, click one of these buttons!
Apply for Membership
Who's Online (1)
Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]
General Security Discussions
uploading vulnerable application to get root ?
I got a question in mind,this question came as a result of debate between my friends,
while we are discussing about privilege escalation one of my friend said
"say if we have backdoor access with limited privileges to a
web-server,we could have gain root access by uploading a vulnerable
application and exploit it to become a root"
but another one saying that "no ,even if you exploit the bug you can
only get the privilege of the current user,not the root privilege" .
i am not sure which one is correct,so tought of asking here
which one would be true ?
From what i understand there are a few factors to consider, but as i understand the second opinion is correct for the most part. This is why a number of privilege escalation use services which are already running under root, e.g. apache, mysql...
Don't get me wrong i'm sure there are occasions when your can upload a vulnerable app and exploit that but from my experience it only works with an application that has root privileges.
you need to upload and install one app with root privileges but for those you need always to be su
Add a Comment