We have a meterpreter shell running on a compromised server—more specifically, bee-box with the IP 192.168.56.12. Let's start by finding a way to escalate privileges:
- Kali Linux includes a tool called unix-privesc-check; it checks the system for configuration vulnerabilities that may allow us to escalate privileges. From a meterpreter shell, we can use the upload command to upload it to the server. In your meterpreter session, issue the upload /usr/bin/unix-privesc-check /tmp/ command.
- Once the file is uploaded, open a system shell (using the shell command in meterpreter) and run the script with /tmp/unix-privesc-check standard. The following screenshot shows the process:
- The script will show a long list of results, ...