系统相关
首页 > 系统相关> > Ethical.Hacking.2021.10:PIVOTING AND PRIVILEGE ESCALATION(2)Extracting Password Hashes on Linux

Ethical.Hacking.2021.10:PIVOTING AND PRIVILEGE ESCALATION(2)Extracting Password Hashes on Linux

作者:互联网

Linux doesn’t store plaintext passwords. Instead, it stores an HMAC-SHA256 hash of the
passwords in the file /etc/shadow. 

The permissions on the /etc/shadow/ file indicate that only the owner (root) and the group (shadow) can read the file, and that only a root user can write to it.

The unix-privesc tool is preinstalled on Kali Linux and allows you to check a system for vulnerabilities that might allow a privilege escalation attack:

unix-privesc-check standard

The Meterpreter shell has similar functionality built in. You can
use the command getsystem to search for and exploit possible
privilege escalation vulnerabilities:

meterpreter > getsystem

After you gain root privileges, run the Meterpreter module
hashdump to extract the hashes from the system.

meterpreter > run hashdump

举例: Performing a Dirty COW Privilege Escalation Attack

a kernel-level vulnerability nicknamed Dirty COW. The vulnerability (CVE-2016-5195) allows an
attacker without root privileges to edit any file by exploiting a bug in how the Linux kernel manages memory. 

标签:Ethical,PIVOTING,ESCALATION,only,file,Linux,shadow,root,getsystem
来源: https://blog.csdn.net/lm19770429/article/details/121884998