How to Compromise a Web Server & Upload Files to Check for Privilege Escalation, Part 2

In the first guide, we laid the groundwork for our ultimate goal of uploading and running the unix-privesc-check script on our target. We identified an input field vulnerable to SQL injection and utilized Sqlmap to set up a file stager on the server. Now, we're ready to upload files and execute the script, so we can identify any misconfigurations that could lead to privilege escalation. The unix-privesc-check script is a Bash script that runs on Unix systems and tries to identify misconfigurations that could allow for privilege escalation. It can run in either the standard mode, which is... more

Uncategorized