Linux Privilege Escalation

Basic Linux Privilege Escalation

https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/

Automated Enumeration

git clone https://github.com/rebootuser/LinEnum.git

./LinEnum.sh
git clone https://github.com/diego-treitos/linux-smart-enumeration
git clone https://github.com/pentestmonkey/unix-privesc-check.git

./unix-privesc-check
./unix-privesc-check standard > output.txt

Information Gathering

  1. What's the OS? What version? What architecture?

    cat /etc/issue
    cat /etc/*-release
    uname -i
    lsb_release -a    # Debian-based OSs
  2. Who are we? Where are we?

    id
    whoami
    pwd
  3. Who uses the box? What users? (And which ones have a valid shell)

    cat /etc/passwd
    grep -vE "nologin|false" /etc/passwd
  4. What's currently running on the box? What active network services are there?

    ps aux
    netstat -antup
  5. What's installed? What kernel is being used?

    dpkg -l    # Debian-based OSs
    rpm -qa    # CentOS / openSUSE
    uname -a

Check sudo access

https://gtfobins.github.io

Mix cp/chown and chmod

https://www.adampalmer.me/iodigitalsec/2009/10/03/linux-c-setuid-setgid-tutorial/

https://www.hackingarticles.in/linux-privilege-escalation-using-suid-binaries/

Check Scheduled Tasks

https://github.com/DominicBreuker/pspy

Readable/Writable Files and Directories

Check history, bashrc, backup

Binaries That AutoElevate

Unmounted Disks

cat /etc/fstab
/bin/lsblk
mount
