How A Pentester Gets Root

Have you ever wanted to be a fly on the wall, watching a penetration tester attack a new machine — working their way through the layers of security, ultimately leveraging what they learned into a login? What tools are used, what do they reveal, and how is the information applied? Well, good news, because [Phani] has documented a step-by-step account of every action taken to eventually obtain root access on a machine — amusingly named DevOops — which was set up specifically for testing.

[Phani] explains every command used (even the dead-end ones that reveal nothing useful in this particular case) and discusses the results in a way that is clear and concise. He starts from a basic port scan, eventually ending up with root privileges. On display is the overall process: obtain general information first, then move methodically towards more and more specific elements. It’s a fantastic demonstration of privilege escalation in action, and an easy read as well.

For some, this will give a bit of added insight into what goes on behind the scenes in some of the stuff covered by our regular feature, This Week in Security.

9 thoughts on “How A Pentester Gets Root”

  1. Rooting through the git commit history reminds me of one of my favourite tricks – once I’m in I make a copy of .bash-history, there’s always some interesting stuff in there

  2. How A Modern Government Pentester Gets Root: Charge the user with Insurrection even if it is not true. Threaten him/her with a life-worse-than-death in prison if he/she doesn’t provide the login credentials. Enter the newly obtained username and password. Kill the so-called Insurrectionist anyway by hanging in his/her cell with no witnesses. Elapsed time: 13 minutes. Satisfaction: 100%
