search

Linux Privilege Escalation

hashtag
Basic Linux Privilege Escalation

https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/arrow-up-right

hashtag
Automated Enumeration

git clone https://github.com/rebootuser/LinEnum.git

./LinEnum.sh
git clone https://github.com/diego-treitos/linux-smart-enumeration
git clone https://github.com/pentestmonkey/unix-privesc-check.git

./unix-privesc-check
./unix-privesc-check standard > output.txt

hashtag
Information Gathering

  1. What's the OS? What version? What architecture?

    cat /etc/issue
cat /etc/*-release
uname -i
lsb_release -a (Debian based OSs)

  2. Who are we? Where are we?

    id
whoami
pwd

  3. Who uses the box? What users? (And which ones have a valid shell)

    cat /etc/passwd
grep -vE "nologin|false" /etc/passwd

  4. What's currently running on the box? What active network services are there?

    ps aux
netstat -antup

  5. What's installed? What kernel is being used?

    dpkg -l (Debian based OSs)
rpm -qa (CentOS / openSUSE )
uname -a

hashtag
Check sudo access

https://gtfobins.github.ioarrow-up-right

hashtag
Mix cp/chown and chmod

https://www.adampalmer.me/iodigitalsec/2009/10/03/linux-c-setuid-setgid-tutorial/arrow-up-right

https://www.hackingarticles.in/linux-privilege-escalation-using-suid-binaries/arrow-up-right

hashtag
Check Scheduled Tasks

https://github.com/DominicBreuker/pspyarrow-up-right

hashtag
Readable/Writable Files and Directories

hashtag
Check history, bashrc, backup

hashtag
Binaries That AutoElevate

hashtag
Unmounted Disks

hashtag
cat /etc/fstab /bin/lsblk mount

PreviousWindows Privilege EscalationNextBuffer Overflow

Last updated