How A Pentester Gets Root

Have you ever wanted to be a fly on the wall, watching a penetration tester attack a new machine — working their way through the layers of security, ultimately leveraging what they learned into a login? What tools are used, what do they reveal, and how is the information applied? Well, good news, because [Phani] has documented a step-by-step of every action taken to eventually obtain root access on a machine — amusingly named DevOops — which was set up specifically for testing.

[Phani] explains every command used (even the dead-end ones that reveal nothing useful in this particular case) and discusses the results in a way that is clear and concise. He starts from a basic port scan, eventually ending up with root privileges. On display is the overall process: first obtaining general information, then methodically moving towards more and more specific elements. It’s a fantastic demonstration of privilege escalation in action, and an easy read as well.

For some, this will give a bit of added insight into what goes on behind the scenes in some of the stuff covered by our regular feature, This Week in Security.

9 thoughts on “How A Pentester Gets Root”

  1. Rooting through the git commit history reminds me of one of my favourite tricks – once I’m in I make a copy of .bash-history, there’s always some interesting stuff in there

  2. How A Modern Government Pentester Gets Root: Charge the user with Insurrection even if it is not true. Threaten him/her with a life-worse-than-death in prison if he/she doesn’t provide the login credentials. Enter the newly obtained username and password. Kill the so-called Insurrectionist anyway by hanging in his/her cell with no witnesses. Elapsed time: 13 minutes. Satisfaction: 100%
