So you've managed to get a shell on the target, but you only have measly low-level privileges. Now what? Privilege escalation is a vast field and can be one of the most rewarding yet frustrating phases of an attack. We could go the manual route, but like always, Metasploit makes it easy to perform local privilege escalation and get root with its exploit suggester module.
To run through the process, we're using Kali Linux as the attacking machine and Metasploitable 2 as the target. You can set up or use a similar pentesting lab — or the same one — to follow along with the guide below.
Step 1: Get Session on Target
The first thing we need to do is get a session with low privileges on the target. We can easily do this with Metasploit. Type msfconsole in the terminal to launch it.
~$ msfconsole [-] ***rting the Metasploit Framework console...
[-] * WARNING: No database support: No database YAML file
[-] *** .,,. . .$$$$$L..,,==aaccaacc%#s$b. d8, d8P d8P #$$$$$$$$$$$$$$$$$$$$$$$$$$$b. `BP d888888p d888888P '7$$$$""""''^^`` .7$$$|D*"'``` ?88' d8bd8b.d8p d8888b ?88' d888b8b _.os#$|8*"` d8P ?8b 88P 88P`?P'?P d8b_,dP 88P d8P' ?88 .oaS###S*"` d8P d8888b $whi?88b 88b d88 d8 ?8 88b 88b 88b ,88b .osS$$$$*" ?88,.d88b, d88 d8P' ..
Support the originator by clicking the read the rest link below.
