Linux Priv Esc Notes

Revision as of 13:39, 25 July 2018 by Dmina

A collection of notes on Linux Privilege Escalation. Some will lead to r00t, some will help with moving laterally; it all depends on the end goal. Trying to avoid the 'How to do it' steps, focusing on 'What to do' instead. Like most of the content on this site, these are put together for personal use, but feel free to grab and share because sharing is caring. I'll try to update this as often as I can as this is my go-to

What's available to me immediately

  • sudo roles to run programs as another user? root?
  • SUID/SGID executables (find ./ -type f \( -perm -2000 -o -perm -4000 \) -print 2>/dev/null)
    • Can I escape to a shell? interactive feature? (nmap --interactive, vim :!sh)
    • Can I execute another command?
      • As command parameter
      • Modifying PATH (e.g. if command calls 'date', 'cp /bin/bash $HOME/date' and modifying $PATH)
    • Can I use Buffer Overflow to load arbitrary shell code?
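
The set-ID and PATH items above, turned into an audit a defender can run on their own hosts. This is an added example, not part of the original notes; the function names `audit_setid` and `audit_path` are made up here, and it assumes a `stat` that supports `-c` (GNU coreutils or BusyBox).

```sh
#!/bin/sh
# Added example (not from the original notes): review set-ID files and PATH
# entries for the conditions the checklist above asks about.

# Print "<SUID|SGID|SUID+SGID> <mode> <owner> <path> [group/world-writable]"
# for every set-ID regular file under $1 (default /).
# -perm -NNNN means "at least these bits"; a bare -perm NNNN matches the exact
# mode only. The parentheses make the action apply to both tests.
# Assumption: file names contain no newlines.
audit_setid() (
    find "${1:-/}" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%a %U %n' {} + 2>/dev/null |
    while read -r mode owner path; do
        kind=
        [ $(( 0$mode & 04000 )) -ne 0 ] && kind=SUID
        [ $(( 0$mode & 02000 )) -ne 0 ] && kind=${kind:+$kind+}SGID
        note=
        [ $(( 0$mode & 0022 )) -ne 0 ] && note=' group/world-writable'
        printf '%s %s %s %s%s\n' "$kind" "$mode" "$owner" "$path" "$note"
    done
)

# Print the entries of a PATH string (default: $PATH) through which a bare
# command name such as 'date' could resolve to an unintended file:
#   RELATIVE  empty or relative entry, resolved against the current directory
#   WRITABLE  directory writable by group or others
audit_path() (
    rest="${1-$PATH}:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case $entry in
            /*) ;;
            *) echo "RELATIVE ${entry:-<empty>}"; continue ;;
        esac
        [ -d "$entry" ] || continue
        if [ $(( 0$(stat -c '%a' "$entry") & 0022 )) -ne 0 ]; then
            echo "WRITABLE $entry"
        fi
    done
)

# Usage: audit_setid /usr ; audit_path "$PATH"
```

Comparing the `audit_setid` output against a known-good baseline for the distribution shows which set-ID files were added locally; any `audit_path` finding in the environment of a privileged script or service is worth fixing by calling commands by absolute path.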