[vc_row type=”in_container” full_screen_row_position=”middle” scene_position=”center” text_color=”dark” text_align=”left” overlay_strength=”0.3″][vc_column column_padding=”no-extra-padding” column_padding_position=”all” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_shadow=”none” width=”2/3″ tablet_text_alignment=”default” phone_text_alignment=”default” column_border_width=”none” column_border_style=”solid”]
I started to write about Nginx and today I want to show you an interesting video about how to exploit a Nginx. It was discovered by Dawid Golunski (firstname.lastname@example.org) and I saw this information from LegalHackers.com
The next video below demonstrates how an attacker using the CVE-2016-1247 vulnerability in Nginx packaging on Debian-based and Gentoo systems (such as Debian, Ubuntu, Gentoo etc.), could escalate their privileges to root user upon gaining access to the system as www-data user.
In the presented scenario, the attacker gains the local access to www-data shell by exploiting a pre-existing webapp vulnerability (File Upload) to upload a reverse shell and then proceeds to privilege escalation.
You can find the full advisory of this Nginx pkg. vulnerability (CVE-2016-1247)
learn, learning, the best security practice, ethical hacking, IT, Admin, Administrator, Server, User, Kali Linux, Phone, Download, Blog, WordPress, Free, Lab, Pentest, Pentester