Recently during a penetration testing assessment I was able to get Linux Privilege Escalation using weak NFS permissions in “/etc/exports”. Initially I got a restricted shell access with limited permissions by exploiting a vulnerable service. Started to recon for privilege escalation to root access but couldn’t get the “usual suspects” (Kernel Exploits, vulnerable services etc). Having no further progress for linux privilege escalation I went back to my pre-limitied shell recon results, its important to mention that penetration testers when they get the initial shell access often don’t look back at recon results and start gathering only the internal information about […]
privilege escalation
1 post