Difference between revisions of "Linux Priv Esc Notes"

Line 1: Line 1:
A collection of notes on Linux Privilege Escalation. Some will lead to r00t, some will help moving laterally, all depends on the end-goal. Trying to avoid the ''''How to do it'''' steps, focusing on ''''What to do'''' instead. Like most of the content on this site, these are put together for personal use but feel free to grab and share because sharing is caring.
+
A collection of notes on Linux Privilege Escalation. Some will lead to r00t, some will help moving laterally, all depends on the end-goal. Trying to avoid the ''''How to do it'''' steps, focusing on ''''What to do'''' instead. Like most of the content on this site, these are put together for personal use but feel free to grab and share because sharing is caring. I'll try to update this as often as I can as this is my go-to
 +
 
 +
= What's available to me immediately =
 +
* ''sudo'' roles to run programs as another user? root?
 +
* ''SUID/GUID'' executables (find ./ -perm 2000 -o -perm 4000 -print 2>/dev/null)
 +
** Can I escape to a shell? interactive feature? (nmap -i, vim :!sh)
 +
** Can I execute another command
 +
*** As command parameter
 +
*** Modifying PATH (e.g. if command calls 'date', 'cp /bin/bash > $HOME/date' and modifying $PATH)
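Review bot: the find command in the added SUID/GUID bullet will miss most of what it is meant to list. `-perm 2000` and `-perm 4000` match only files whose mode is exactly 2000 or 4000, and because `-o` binds more loosely than the implied AND, `-print` applies to the second test only. Suggest `-perm -2000` and `-perm -4000` grouped inside `\( ... \)` before `-print`. In the same bullet "GUID" should read "SGID". In the PATH bullet, 'cp /bin/bash > $HOME/date' has a stray redirect, so cp receives a single operand. The extended intro sentence also ends mid-phrase at "my go-to".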

Revision as of 13:38, 25 July 2018

A collection of notes on Linux Privilege Escalation. Some will lead to r00t, some will help with moving laterally; it all depends on the end goal. Trying to avoid the 'How to do it' steps, focusing on 'What to do' instead. Like most of the content on this site, these are put together for personal use, but feel free to grab and share because sharing is caring. I'll try to update this as often as I can as this is my go-to

What's available to me immediately

  • sudo roles to run programs as another user? root?
  • SUID/SGID executables (find ./ \( -perm -2000 -o -perm -4000 \) -print 2>/dev/null)
    • Can I escape to a shell? interactive feature? (nmap -i, vim :!sh)
    • Can I execute another command?
      • As command parameter
      • Modifying PATH (e.g. if the command calls 'date': 'cp /bin/bash $HOME/date', then modify $PATH)
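
The same SUID/SGID enumeration is what an administrator runs to audit a host. The script below is an added example, not part of the original notes: it lists setuid/setgid files and reports any that are missing from a reviewed baseline. The function names, the baseline file format (one path per line) and the demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit setuid/setgid files against a reviewed baseline.
# Function names, baseline format and the demo tree are illustrative.

# list_setid ROOT: print "suid PATH" / "sgid PATH" for regular files.
# "-perm -4000" means "this bit is set"; a bare "-perm 4000" would match
# only files whose mode is exactly 4000. -xdev stays on one filesystem.
list_setid() {
    find "$1" -xdev -type f -perm -4000 -print 2>/dev/null | sed 's/^/suid /'
    find "$1" -xdev -type f -perm -2000 -print 2>/dev/null | sed 's/^/sgid /'
}

# unexpected_setid ROOT BASELINE: print entries whose path is not listed
# (as a whole line) in BASELINE. These are the files to review.
unexpected_setid() {
    list_setid "$1" | sort -u | while read -r kind path; do
        grep -Fxq -- "$path" "$2" || printf '%s %s\n' "$kind" "$path"
    done
}

# demo: build a constructed tree with two setuid files, one setgid file
# and one plain file, approve only one of them, and report the rest.
demo() {
    tmp=$(mktemp -d) || return 1
    for f in passwd-like backup-tool report plain; do
        printf '#!/bin/sh\n' > "$tmp/$f"
    done
    chmod 4755 "$tmp/passwd-like" "$tmp/backup-tool"
    chmod 2755 "$tmp/report"
    chmod 0755 "$tmp/plain"
    printf '%s\n' "$tmp/passwd-like" > "$tmp/baseline.txt"
    # Strip the temporary prefix so the output is stable between runs.
    unexpected_setid "$tmp" "$tmp/baseline.txt" | sed "s|$tmp/||"
    rm -rf "$tmp"
}

demo
```

On a real host, build the baseline once from a known-good install, keep it under change control, and run the comparison after package updates.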