1. We have moved from vBulletin to XenForo and you are viewing the site in the middle of the move. Though the functional aspect of everything is working fine, we are still working on other changes including the new design on Xenforo.
    Dismiss Notice

Wannabe "Ethical Hacker" - Trying to learn priviledge escalation

Discussion in 'Ethical hacking' started by nokaoi77, Feb 20, 2010.

  1. nokaoi77

    nokaoi77 New Member

    Joined:
    Feb 20, 2010
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    good morning all, total newbie here... unfortunately for me...i am both, new to linux (my apologies, 20/yrs windows, 0 linux) LOL and, new to exploiting systems. and on top of these obstacles, i am doubling my frustration by pursuing related credentials of CEH (Certified Ethical Hacker) and CPT (Certified Penetration Tester), so as i am sure you can guess, i am feeling insane and well out of my comfort zone/league. down to it! i am searching for help - forums where i can communicate my needs and receive help/guidance. heck, i would love to pay for a couple hours worth of PROFESSIONAL (well, better than me anyhow) training... i just cant seem to find such resources. anyhow, so, my situation... i have a VM for my lab testing, friends chose RedHat7 it using Kernel 2.4.20 goal is to acquire the SHADOW/PASSWD files and crack them, specifically user of root i am as far as 1 user account in, i can log into the gui of RedHat, see directories (cept those without permissions) need help with the following; 1. IMMEDIATE HELP/OBJECTIVE - finding a local privilege escalation to root exploit (i.e. do_brk, crash, krnl, ptrace, etc.) - compiling, installing, running the code - gaining root access and i can take it from there (i hope) 2. NEXT GOAL something else i want to learn, is SSH Brute Force (hydra, brutessh, etc.) i use them, but they are NOT working....i think because the initial attempt is prompting for accepting the SSH key, but the Brute apps are not accepting it - i think! LAST OBJECTIVE finally, using metasploit to remotely compromise the system (what exploit and how to use it properly (payloads, configs, etc. well, these are ALL goals of the training i want to pursue over this weekend and next.... can someone, anyonem point me in the right direction! provide assistance, list some resources, propose where i can find the help to achieve those objectives above? thanks for your time and efforts - WELL IN ADVANCE!!! kindest regards, nokaoi77
     
  2. hanleyhansen

    hanleyhansen New Member

    Joined:
    Jan 24, 2008
    Messages:
    336
    Likes Received:
    8
    Trophy Points:
    0
    Occupation:
    Drupal Developer/LAMP Developer
    Location:
    Clifton
    Home Page:
    Your project seems very specific but I'm sure you'll find a lot of very good information in this forum. However, I recommend you taking a look at CBT Nuggets which is a instructional companies that provides videos and stuff on different topics a lot related to IT. I know they have a segment specifically for Ethical Hacking with excellent info with videos and a lot of goodies. It focuses on hacking in a Linux environment which is exactly what your looking for. If you're willing to pay for professional instruction then I recommend getting the CBT Nuggets videos which will help you a lot and will provide a structured instruction which is the best way to go for you. Here is the link to the video segment I am talking about:

    http://www.cbtnuggets.com/webapp/product?id=250

    Hope this helps!
     

Share This Page