Overview
Explore privilege escalation techniques using the Metasploit Framework in this 50-minute conference talk from DerbyCon 2012. Dive into topics such as Linux root elevation, exploit local modules, and Nmap Lua scripting. Learn about business-specific exploit writing, CRC collision techniques, and the differences between Ruby and C implementations. Discover advanced concepts like kernel exploits, SMB relay attacks, and automatic domain authentication. Gain insights into service manager manipulation and shell exploit compilation for enhancing your penetration testing skills.
Syllabus
Intro
Shells
Community
Easier to write
Why privilege escalation
Linux example
Root Elevator
Exploit Local Module
Con contrived exploit
Con exploit method
Example
Nmap
Nmap Lua
Business Specific Structure
Writing the Exploit
Demo
Skeletor
Task
Exploit Changes
CRC Collision
Ruby vs C
MattAzzam
The Process
The Exploit
The Goo
Parse
Socks10page
Kernels
SMB Relay
Awesomesauce technique
Automatic Domain Authentication
Service Manager
Compile Shell
Exploits