Member-only story
How to Get Root Privilege after getting foothold [ EJPT Notes]
This article helps you to get root access on the machine using privilege escalation. This article helps you to prepare for Ejpt exam.
Hi Hacker, Mr Horbio this side. Today we’ll learn about Privilege Escalation method. This is helps to get root access on the system. It is used by Red Teamer for getting Root privilege on the target machine after getting foothold. If you are preparing for Ejpt exam it will be helpful for you.
Story Time
Before a day ago, I hacked a machine using SSH. I want admin password so I can have full privilege. But I can’t access that thing. I research about it and finally got some techniques that is called privilege escalation. then I learned about it.
It has 2 type:
- Linux privilege escalation
- Windows privilege escalation
I was working on Linux system that’s why I used Linux Privilege Escalation. There is multiple method to escalate privilege. I used SUID Method by using Nmap. Let’s See How I did this?
SUID Privilege Escalation:
Let’s assume somehow you have foothold on the machine and Now You want to get root access.
firstly, you have to find the files that have special permission. Use this command for find that files :
file / -type f -perm -u=s 2>/dev/nullThis command helps to find that special permit files.
so I got one interesting file that is /usr/local/bin/nmap. Now write this command to get the root access.
nmap --interactive 
so finally I got root access using Nmap and now I can access any file using ! mark.
nmap > ! cat /etc/passwd I hope this article is helpful for you. If you learn something valuable then drop your clap here and follow me on medium for getting lot of tips and tricks about Ethical Hacking. We’ll meet very soon with new article.
