Senin, 30 Januari 2012

PRIVALLAGE ESCALATION

Privallage Escalation = is a technique to go in and take the access of others.

So to do Privillage prefication in Ip address192.168.0.21. There are things we haveperhatiakan:
1. seeking information sitarget
2. looking for a system that runs on the target
3. look for weaknesses of the target
4. take over or enter kesistem sitarget.

The steps are as follows:
1. Finding Information The target can use some of the applications used by Backtrack 5 are:
    - Information and select the network scaninggetharing and please select which one you     
      wantSample images using zenmap application:

2. After various information by using folderselanjuntx cents we look for any system that runs
    on IP 192.168.0.21 example image of the road system as follows:





3. Next we see what is running on IP address192.168.0.21 next we will look for flaws of the 
    system by using nessusSample images for spaces with nessus:

These images enter our loginusing nessus


This image will appear after you click the + addscan, after that we enter a name = local instanceand enter the target IP = 192.168.0.21 Example


This image appears above if we succeedscaning 192.168.0.21 and then click the report todisplay the results and click to find vulnernyalocal.


This picture above I try to click on local us a lot ofthat comes slanting please search vulnernya. sshfor example, we click it there are many systemsthat are running and there is a high-level system

4. Okay now we mengexplotasi terserbut because the condition already muncukupi for 
    exploitable.Here we can use or exploit msf console-db.These few examples of the   
    picture:

image above the preview imageexploit db
with this command can be seen that we can usewhat commands root@bt:/pentest/exploits/exploitdb# ./searchsploit webmin

with the command below we see the results as follows
root@bt:/pentest/exploits/exploitdb# ls

with the command below we see the results as follows
root@bt:/pentest/exploits/exploitdb# cat platforms/multiple/remote/2017.pl  

with the command below we see the results as follows: results from port 10000 to the webmin
root@bt:/pentest/exploits/exploitdb# perl platforms/multiple/remote/2017.pl  

with this command we see all the passwords, user, login etc..
root@bt:/pentest/exploits/exploitdb# perl platforms/multiple/remote/2017.pl 192.168.0.21 10000





Diposting oleh di

Tidak ada komentar:

Posting Komentar

Langganan: Posting Komentar (Atom)