Privesc Ubuntu Server

nickMittWoch

Let's say I have gotten access to a server running Ubuntu and I am having a bit of trouble getting root, just hypothetically. I have write and read access to most files and folders. I own the entire site. A backdoor is installed via PHP, and there is MySQL access through phpMyAdmin, plus SSH and FTP access as well. So we are talking post-exploitation. There are very few tools available; it seems not even mysql is present, which I don't get, since there is access via phpMyAdmin. I have no gcc available, nor the ability to run any Python. I could compile stuff on my Linux box, although I lack knowledge of how runnable it would be on the compromised server. I am guessing that my best bet would be a privesc via a MySQL exploit, but I don't want to leave my IP in the logs when doing a reverse shell.

Any tips?

Sorry for not dropping any version numbers, as I don't have them in front of me and this being hypothetical. I want to learn, but as of now I am just a white-hat script-kiddie noob. My goal, if this was real, would be to get shadow and let the rainbow shine on it until it is clear as day :)