1

I'm doing OSCP, and have been on this problem for a while. I need some guidance on this.

I manage to get a weevely shell to a lab machine via SQL injection.

The OS is CentOS 5.4

The user is "apache", a low-privilege user.

Downloading and uploading to this server is not possible.

wget, curl and ftp are available, but have been rendered useless by some sort of firewall. This is only my suspicion, because I can still run the help command of these programs. Since I cannot view Iptables -L, I cannot say anything about firewall setting.

Most weevely modules (download from URL, spawning tcp shell) are not useable. The reason might be the firewall.

However: I can use SQL injection to write to webpage root folder as root. The file is "rw" to all users, but not "x".

Running basic shell commands such as: find, ls, cat, echo, is ok.

There are python, perl, php and gcc. I can compile C, run python and the like.

*Currently, I'm trying to echo a C file to the /tmp folder, and compile it get a meterpreter.

Anders
  • 64,406
  • 24
  • 178
  • 215
phong
  • 119
  • 3
  • 1
    I'm not sure how we can help you. Those who have done the OSCP are not going to give you inside info, and there is not enough info here to try to walk you through the entire process to try to pop the box. – schroeder Apr 15 '16 at 15:05
  • 1
    I haven't looked closely but I feel like this question has to be violating some part of the Offensive Security lab agreement. TRY HARDER. – nyxgeek Apr 15 '16 at 17:02
  • If you have a low profile shell you can upload the meterpreter with netcat , and then run the corresponded privilege escalation process i think @schoeder can validate if this is right, if you cant use nc because permission you can do the same with any programming language – Sarastro Apr 15 '16 at 19:06

0 Answers0