Linux - Privilege Escalation.md

Linux - Privilege Escalation

⚠️ Content of this page has been moved to InternalAllTheThings/redteam/persistence/linux-persistence

• Tools
• Checklist
• Looting for passwords
  • Files containing passwords
  • Old passwords in /etc/security/opasswd
  • Last edited files
  • In memory passwords
  • Find sensitive files
• SSH Key
  • Sensitive files
  • SSH Key Predictable PRNG (Authorized_Keys) Process
• Scheduled tasks
  • Cron jobs
  • Systemd timers
• SUID
  • Find SUID binaries
  • Create a SUID binary
• Capabilities
  • List capabilities of binaries
  • Edit capabilities
  • Interesting capabilities
• SUDO
  • NOPASSWD
  • LD_PRELOAD and NOPASSWD
  • Doas
  • sudo_inject
  • CVE-2019-14287
• GTFOBins
• Wildcard
• Writable files
  • Writable /etc/passwd
  • Writable /etc/sudoers
• NFS Root Squashing
• Shared Library
  • ldconfig
  • RPATH
• Groups
  • Docker
  • LXC/LXD
• Hijack TMUX session
• Kernel Exploits
  • CVE-2022-0847 (DirtyPipe)
  • CVE-2016-5195 (DirtyCow)
  • CVE-2010-3904 (RDS)
  • CVE-2010-4258 (Full Nelson)
  • CVE-2012-0056 (Mempodipper)