Hello everyone!!
I'm trying to get a shell with root privileges on my own Raspberry Pi, just for practice. I have tried so many things and read so many blogs, but nothing works. I connected to the Raspberry Pi over SSH/telnet, which I left open, and simulated a brute-force attack against a regular user (bob), so I just got a non-privileged shell and a Meterpreter session using Metasploit.
I followed the g0tmi1k and Payatu blogs...
I launched linuxprivchecker and got the following information:
Kernel: Linux version 4.19.75-v7+ (dom@buildbot) (gcc version 4.9.3 (crosstool-NG crosstool-ng-1.22.0-88-g8460611)
OS: Raspbian GNU/Linux 10
Super Users Found: root
Installed Tools
/usr/bin/awk
/usr/bin/perl
/usr/bin/python
/usr/bin/ruby
/usr/bin/gcc
/usr/bin/cc
/usr/bin/vi
/usr/bin/find
/bin/netcat
/bin/nc
/usr/bin/wget
The following exploits are applicable to this kernel version and should be investigated as well
- Kernel ia32syscall Emulation Privilege Escalation || Language=c
- Sendpage Local Privilege Escalation || Language=ruby
- CAP_SYS_ADMIN to Root Exploit 2 (32 and 64-bit) || Language=c
- CAP_SYS_ADMIN to root Exploit || Language=c
- MySQL 4.x/5.0 User-Defined Function Local Privilege Escalation Exploit || Language=c
- open-time Capability file_ns_capable() Privilege Escalation || Language=c
- open-time Capability file_ns_capable() - Privilege Escalation Vulnerability || Language=c
Also launched:
find / -perm -u=s -type f 2>/dev/null
/sbin/mount.cifs
/sbin/mount.nfs
/bin/ntfs-3g
/bin/fusermount
/bin/ping
/bin/mount
/bin/umount
/bin/su
/usr/lib/openssh/ssh-keysign
/usr/lib/telnetlogin
/usr/lib/arm-linux-gnueabihf/gstreamer1.0/gstreamer-1.0/gst-ptp-helper
/usr/lib/chromium-browser/chrome-sandbox
/usr/lib/policykit-1/polkit-agent-helper-1
/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/usr/bin/pkexec
/usr/bin/gpio
/usr/bin/gpasswd
/usr/bin/Xvnc
/usr/bin/passwd
/usr/bin/chfn
/usr/bin/sudo
/usr/bin/vncserver-x11
/usr/bin/chsh
/usr/bin/newgrp
Maybe there is not enough info here to help, but if somebody has an idea that could help me... I would be grateful. Anyway, I don't even know if it is possible to hack it, because it is not a lab prepared for pentesting.
Thank you in advance.