Abusing Fail2ban misconfiguration to escalate privileges on Linux

System and kernel versions
Fail2ban restarting every minute
ssh configuration in jail.conf
Default service values
Changing the actionban variable in iptables-multiport.conf
Getting reverseshell as root


I am an IT auditor, and a cyber security engineer. I love information technology, and I would love to give back to the community by writing some fun articles.

Youssef Ichioui
