Have you ever wanted to be a fly on the wall, watching a penetration tester attack a new machine — working their way through the layers of security, ultimately leveraging what they learned into a login? What tools are used, what do they reveal, and how is the information applied? Well good news, because [Phani] has documented a step-by-step of every action taken to eventually obtain root access on a machine — amusingly named DevOops — which was set up specifically for testing.
[Phani] explains every command used (even the dead-end ones that reveal nothing useful in this particular case) and discusses the results in a way that is clear and concise. He starts from a basic port scan, eventually ending up with root privileges. On display is an overall process of obtaining general information. From there, [Phani] methodically moves towards more and more specific elements. It’s a fantastic demonstration of privilege escalation in action, and an easy read as well.
For some, this will give a bit of added insight into what goes on behind the scenes in some of the stuff covered by our regular feature, This Week in Security.
Support the originator by clicking the read the rest link below.
