good morning all, total newbie here... unfortunately for me...i am both, new to linux (my apologies, 20/yrs windows, 0 linux) LOL and, new to exploiting systems. and on top of these obstacles, i am doubling my frustration by pursuing related credentials of CEH (Certified Ethical Hacker) and CPT (Certified Penetration Tester), so as i am sure you can guess, i am feeling insane and well out of my comfort zone/league. down to it! i am searching for help - forums where i can communicate my needs and receive help/guidance. heck, i would love to pay for a couple hours worth of PROFESSIONAL (well, better than me anyhow) training... i just cant seem to find such resources. anyhow, so, my situation... i have a VM for my lab testing, friends chose RedHat7 it using Kernel 2.4.20 goal is to acquire the SHADOW/PASSWD files and crack them, specifically user of root i am as far as 1 user account in, i can log into the gui of RedHat, see directories (cept those without permissions) need help with the following; 1. IMMEDIATE HELP/OBJECTIVE - finding a local privilege escalation to root exploit (i.e. do_brk, crash, krnl, ptrace, etc.) - compiling, installing, running the code - gaining root access and i can take it from there (i hope) 2. NEXT GOAL something else i want to learn, is SSH Brute Force (hydra, brutessh, etc.) i use them, but they are NOT working....i think because the initial attempt is prompting for accepting the SSH key, but the Brute apps are not accepting it - i think! LAST OBJECTIVE finally, using metasploit to remotely compromise the system (what exploit and how to use it properly (payloads, configs, etc. well, these are ALL goals of the training i want to pursue over this weekend and next.... can someone, anyonem point me in the right direction! provide assistance, list some resources, propose where i can find the help to achieve those objectives above? thanks for your time and efforts - WELL IN ADVANCE!!! kindest regards, nokaoi77
Wannabe "Ethical Hacker" - Trying to learn priviledge escalation
Your project seems very specific but I'm sure you'll find a lot of very good information in this forum. However, I recommend you taking a look at CBT Nuggets which is a instructional companies that provides videos and stuff on different topics a lot related to IT. I know they have a segment specifically for Ethical Hacking with excellent info with videos and a lot of goodies. It focuses on hacking in a Linux environment which is exactly what your looking for. If you're willing to pay for professional instruction then I recommend getting the CBT Nuggets videos which will help you a lot and will provide a structured instruction which is the best way to go for you. Here is the link to the video segment I am talking about:
Hope this helps!
Hope this helps!