Privilege Escalation

ftp privilege escalation

C:/ access already acquired

more at

At this point you have gained access to the FTP

you have validated that you have C:/ access

run #ls -la to confirm the available directories, similar file structure to a windows OS will confirm that you have C:/ Access

There can be multiple ways to escalate privileges via FTP access.

Accessing "All Users" directory will provide files that all users have access too, including the root

  • Exploring a web application?

    • yes

      • if in "All Users" locate "Application Data" this will contain data pertaining to the application (I know it's an obvious sentence). The key here is that all users can access it.

      • downloaded files?

        • yes

          • use grep to optimize your searching

          • #cat * | grep -A 20 -B 20 "prtgadmin" (string can be whatever you want)

            • -A print number of lines trailing context

            • -B print number of lines before context

            • in this example we may have achieved privilege escalation by acquiring the admin password for the web application. The next steps would be to access the web app to determine if more work is necessary