Fail2ban Privilege Escalation
Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks.
Seeing as this was what fred had access to, I had to research it and any privilege escalations I could find regarding it.
What I found, from https://grumpygeekwrites.wordpress.com/2021/01/29/privilege-escalation-via-fail2ban/:
"There are two things actionban and actionunban. If we have write access to this file, we can add our malicious command and escalate our privileges."
I needed to check if it was still running on the machine I SSH'd into.
Seeing as it is still running, I changed directories to fail2ban.
I changed directories to action.d.
When I changed directories to action and then listed everything, I could see that fred owned a file.
Once I vim'd into the "iptables-multiport.conf" file
Now I am going to modify where a machine is banned; I'm going to change it to equal a privilege escalation. I'm also doing it on both actionban and actionunban, which ensures I do not break anything I'm unaware of.
With the code above I was able to watch the privilege above to see if it changes.
With the code below, I made another terminal then tried to constantly SSH in, which blocked the second machine out and escalated the privileges of my first machine that was already inside.
With bash -p I am able to see I have escalated to root.
With this access I am able to get the final root flag.
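The escalation above works only because a non-root account could write a file under action.d that fail2ban, running as root, executes on ban and unban. The audit below is an added example, not part of the original writeup: it flags any file or directory in a fail2ban config tree with a non-root owner or group/other write bits. The function name `audit_fail2ban` and the tag labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added audit example: find fail2ban config files a non-root account could edit.
# fail2ban runs actionban/actionunban commands as root, so every file and
# directory in the config tree should be root-owned and not group/other writable.

# audit_fail2ban DIR [OWNER]
#   Prints "TAG<TAB>PATH" for each file or directory under DIR that is not owned
#   by OWNER (default: root) or is writable by group or others.
#   TAG is ACTION when the file defines actionban/actionunban, otherwise "other".
#   Exit status: 0 if nothing was flagged, 1 if at least one path was flagged.
#   Paths containing newlines are not handled (line-based loop).
audit_fail2ban() (
    dir="${1:-/etc/fail2ban}"
    owner="${2:-root}"

    # Wrong owner, group-writable (020) or world-writable (002).
    # Directories count too: write access there allows replacing files.
    hits=$(find "$dir" \( -type f -o -type d \) \
               \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print)

    [ -z "$hits" ] && exit 0

    printf '%s\n' "$hits" | while IFS= read -r path; do
        tag="other"
        if [ -f "$path" ] &&
           grep -Eq '^[[:space:]]*action(un)?ban[[:space:]]*=' "$path"; then
            tag="ACTION"   # this file's commands are executed by fail2ban
        fi
        printf '%s\t%s\n' "$tag" "$path"
    done
    exit 1
)

# Check the live configuration when it is present on this host.
if [ -d /etc/fail2ban ]; then
    audit_fail2ban /etc/fail2ban root ||
        echo "fail2ban config has unsafe ownership or permissions" >&2
fi
```

Any ACTION line in the output is a file whose ownership or mode should be reset to root-owned and 0644 before the service is trusted again.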