Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Top Posters
Who's Online (1)
- m0rph 2:38AM
Powered by Vanilla.
Made with Bootstrap.
uploading vulnerable application to get root ?
-
hi guys,
I got a question in mind,this question came as a result of debate between my friends,
while we are discussing about privilege escalation one of my friend said
"say if we have backdoor access with limited privileges to a
web-server,we could have gain root access by uploading a vulnerable
application and exploit it to become a root"
but another one saying that "no ,even if you exploit the bug you can
only get the privilege of the current user,not the root privilege" .
i am not sure which one is correct,so tought of asking here
which one would be true ? -
From what i understand there are a few factors to consider, but as i understand the second opinion is correct for the most part. This is why a number of privilege escalation use services which are already running under root, e.g. apache, mysql...Don't get me wrong i'm sure there are occasions when your can upload a vulnerable app and exploit that but from my experience it only works with an application that has root privileges.Skype: mrpt3oTwitter: MrPteo
