Posts

Showing posts from 2018

OSSEC Privilege Escalation via Directory Traversal

Overview

OSSEC HIDS can allow an attacker to escalate privileges via the method described in this post. I recently came across this issue, which could present a concern in some environments. This issue is known as CVE-2018-19666.

Access Required

There is some access required, as this is privilege escalation.

Full access to the OSSEC server.
Low-privilege access to a system with the OSSEC HIDS agent installed.

The Vulnerability

OSSEC has a feature called ActiveResponse that allows OSSEC admins to execute scripts to respond to security incidents. The documentation says the script has to be in a specified directory; specifically, it says this:

The [response script] must be inside the /var/ossec/active-response/bin/ [on the system with ossec hids] with the execution permissions set.

This Active Response feature can run scripts remotely on the client system if the script is in the active-response/bin directory, on either Windows or Linux. When a specially crafted configuration is used, an attacker …

Path to OSCP

Pre-Lab First Steps

I started getting ready for OSCP about 2 months before starting the labs. I did this because I only had enough funds for 2 months of lab access. In those 2 months before the labs, I casually attempted several boot2root VMs from VulnHub. I had limited success with these VMs, often having to go through the walkthroughs listed on VulnHub to finish them. See the bottom of this post for a list of VulnHub VMs that helped me. The important thing with this course is to keep trying & learning even when you feel desperation and experience failure.

Getting Started With PWK

Once you get your course material, I'd recommend that you go through all of it and complete the exercises. Be conscious of your time; don't spend more than required on the material. In my case, I didn't read the PDF but watched all the videos and then decided to go straight to the labs. I often had to reference the PDF while in the labs; you should read the PDF!
Note taking is extremely im…