Date: April 15, 2017 at 01:40AM
Date: April 17, 2017 at 10:10AM
Date: April 17, 2017 at 02:39PM
Date: April 18, 2017 at 11:56AM
Date: April 18, 2017 at 05:09PM
Date: April 18, 2017 at 06:18PM
Date: April 19, 2017 at 02:09AM
The video below demonstrates how an attacker using the CVE-2016-1247 vulnerability in Nginx packaging on Debian-based systems (such as Debian, Ubuntu etc.), could escalate their privileges to root user upon gaining access to the system as www-data user.
In the presented scenario, the attacker gains the local access to www-data shell by exploiting a pre-existing webapp vulnerability (File Upload) to upload a reverse shell and then proceeds to privilege escalation.
Date: November 16, 2016 at 08:11PM
Author: Dawid Golunski