Linux Privilege Escalation

Kernel Exploit

  • Search for Exploits:

    • Research and find kernel exploits suitable for the target system.

    • Execute the exploit to escalate privileges.

Sudo Rights

  • Check Sudo Rights:

    • Use sudo -l to display programs with sudo rights.

SUID (Set User ID)

  • Find SUID Files:

    • Use the following command to list files with SUID or SGID bits set:

      find / -type f -perm -0400 -ls 2>/dev/null

CAPA (Capabilities)

  • List Applications with Capabilities:

    • Use the following command to list all applications with capabilities set:

      getcap -r / 2>/dev/null

Cron Jobs

  • View Cron Jobs:

    • Display the cron jobs configured on the system:

      cat /etc/crontab

PATH

  • Show System's PATH:

    • Display the system's PATH variable:

      echo $PATH

  • Writable Directories:

    • Identify writable directories:

      find / -writable 2>/dev/null

  • PATH Manipulation:

    • Temporarily modify PATH for privilege escalation:

      export PATH=/tmp:$PATH
cd /tmp
echo "/bin/bash" > thm
cd /home/murdoch
./test

NFS (Network File System)

  • Show Shared Folders:

    • Use showmount to display shared folders on an NFS server:

      showmount -e <ip>

  • NFS Configuration:

    • View the configuration of shared folders:

      cat /etc/exports
PreviousPrivilege Escalation [PrevEsc]NextBuffer Overflow (BOF)

Last updated