How to Compromise a Web Server & Upload Files to Check for Privilege Escalation, Part 1

Information gathering is one of the most important steps in pentesting or hacking, and it can often be more rewarding to run things on the target itself as opposed to just running scripts against it remotely. With an SQL injection, a hacker can compromise a server and, ultimately, upload and run the "unix-privesc-check" script locally in order to further identify possible attack vectors. SQL Injection Primer SQL (structured query language) is a language used to perform queries on databases in order to retrieve and manipulate data. You will often find database systems on the back end of web... more