Help need with practicalpentestlabs


#1

Hi i need help with practicalpentestlabs.com SKYWALKER 10.0.1.12 lab to make privilege escalation.
if someone have ideas how to make it I’m gonna be a very thankful .
:slight_smile:


#2

I have never used one of those labs so I can’t help directly, but the one hint I always give when someone is in the privilege escalation phase is this: enumerate EVERYTHING! A good and complete enumeration will give you a lot of valuable information to work with and analyze, it’s the main key to all privilege escalation techniques.

Also isn’t it much more fun to do it on your own, after researching and reading a lot of new topics? Remember, these challenges are supposed to be fun, and guiding you towards the solution ruins part of it :wink:


#3

i try many times to take priv escalation but no luck that’s why i’m asking for help.
I found out is mysql priv escalation but i never do it before. :slight_smile:


#4

We can’t know what to tell you if we don’t even know the version of MySQL or the type of data found in the database, you’ll have to do it yourself. Check out this article and look up exploit-db, there are several public priv-esc techniques for MySQL so you should read as much as you can about them and see which ones you can try yourself.


#5

Baud thanks for help this is all info for target machine
Linux SKYWALKER 3.19.0-25-generic #26~14.04.1-Ubuntu SMP Fri Jul 24 21:18:00 UTC 2015 i686 i686 i686 GNU/Linux
mysql Ver 14.14 Distrib 5.5.47
this is the info from LinEnum https://pastebin.com/JCL3S8RY
and this is from linuxprivchecker https://pastebin.com/8LmUCtyi
I’m taking metasploit php shell and my id is www-data i try with dirty cow but no luck
If you have any ideas i’m gonna be glad to hear it :slight_smile:


(Command-Line Ninja) #6

Watch this


#7

https://www.youtube.com/watch?v=7F37r50VUTQ :slight_smile: :slight_smile: :slight_smile: