Table of Contents 1. Basic knowledge 1. Managing Privileges management permissions 2. System Privileges System privileges 3. System Privileges: Example System Privileges: Example 4. Who Can Grant or Revoke? Who can grant or revoke permissions? 5.The PUBLIC 6.SYSDBA and SYSOPER 7. Revoke with ADMIN OPTION Use ADMIN OPTION to revoke 8. Some Points Some system […]
Tag: privileges
API hook monitoring under R3 starts with right-click administrator privileges
1. Basic principles On previous operating systems, hooking CreateProcessInternel can monitor process creation. When starting as an administrator, the situation changes. Our explorer no longer calls the original path, but uses an unexported function AicFindLaunchAdminProcess. The AicFindLaunchAdminProcess function is defined as: ULONG_PTR WINAPI AicFindLaunchAdminProcess( LPWSTR lpApplicationName, LPWSTR lpParameters, DWORD UacRequestFlag, DWORD dwCreationFlags, LPWSTR lpCurrentDirectory, HWND […]
E044-Service vulnerability exploitation and reinforcement-Using redis unauthorized access vulnerability to escalate privileges
Task implementation: E044-Service vulnerability exploitation and reinforcement-Using redis unauthorized access vulnerability to escalate privileges Task environment description: Server scenario: p9_kali-6 (username: root; password: toor) Server scenario operating system: Kali Linux 192.168.32.123 Server scenario: p9_linux-6 (username: root; password: 123456) Server scenario operating system: Linux 192.168.32.147 ————————————————– ————————————————– ————————– Experimental Level: intermediate Task scenario: 【Task Scenario】 Panshi […]
Linux user/group management (user group files. Create, view, set, delete users/groups. Elevate privileges, modify permissions UGO, ACL)
User/Group Management Concept and function View the currently logged in user information and file owner View the username of the running process ll /home/ //There are as many files as there are users. File for user group to store information User basic information file /etc/passwd //Insufficient permissions cat/etc/passwd //cat and other commands to view the […]
[phpMyadmin] MYSQL breaks through secure_file_priv and writes shell to escalate privileges
Foreword phpMyAdmin is a MySQL database management tool based on PHP and structured in Web-Base mode on the website host, allowing administrators to use the Web interface to manage MySQL databases. This web interface can be a better way to input complex SQL syntax in a simple way, especially when processing the import and export […]
Kaniko quickly builds and pushes container images without privileges in containerd
Table of Contents 1. What is kaniko? 2. Working principle of kaniko 3. kanijo works on Containerd Based on serverless considerations, we chose kaniko as the image packaging tool. It is a docker image building tool provided by Google that does not require privileges to build. 1. What is kaniko Kaniko is a tool for […]
(1) The rstudio container user configures root privileges and installs conda
Image installation reference: Docker deploys Rstudio Server [1]: Getting Started with Docker – Short Book 1. View running containers: docker ps 2. Enter the container: docker exec -it my_rstudio /bin/bash 3. Installation tool: apt-get install 4. View permission configuration file: cat /etc/sudo 5. Check and confirm the user (rstudio): cat /etc/passwd | cut -d: -f1 […]
VC++ modify Windows operating system firewall rules (requires administrator privileges)
Small example: Fw::NetFirewallAddApplication(“TEST”, “C:\1.EXE”); head File: #pragma once #include <ppp/stdafx.h> namespace ppp { namespace win32 { namespace network { class Fw { public: typedef enum { NetFirewallType_DomainNetwork, NetFirewallType_PrivateNetwork, NetFirewallType_PublicNetwork, } NetFirewallType; static bool NetFirewallAddApplication(const char* name, const char* executablePath, NetFirewallType netFwType) noexcept; static bool NetFirewallAddApplication(const char* name, const char* executablePath) noexcept; static bool NetFirewallAddAllApplication(const char* […]
[Red Team Shooting Range] Use redis to write without authorization, docker to escalate privileges and escape, ms17-010, horizontally win the domain controller
Red Team Shooting Range Supporting video of station B: [Hang up a three-link chanting conveniently] https://www.bilibili.com/video/BV1814y1Z774/?share_source=copy_web & vd_source=0e30e09a4adf6f81c3038fa266588eff Series of Columns: Red Team Shooting Range Welcome to followLikeFavoriteLeave a message Starting time: May 3, 2023 The author’s level is very limited, if you find an error, please let me know, thank you! The road to […]
Privilege Escalation: Overflow Vulnerability. (Normal Privilege Elevation Administrator Privileges.)
Elevation of privilege: overflow vulnerability Privilege escalation is short for privilege elevation, because operating systems are all multi-user operating systems, < strong>Users have authority control, for example, the authority obtained through the web vulnerability is the authority of the web process, often the web service is started with an account with very low authority, so […]