Index for Linux Privilege Escalation
Guides to have at hand
- HackTricks. Written by the creator of WinPEAS and LinPEAS.
- Vulnhub PrivEsc Cheatsheet.
- s0cm0nkey's Security Reference Guide.
This is a nice summary related to Local Privilege Escalation by @s4gi_:
Basic commands for reconnaissance
Some basic commands once you have gained access to a Linux machine:
Enumeration scripts
Enumeration scripts
Privilege escalation techniques
Techniques
- Cron jobs: path, wildcards, file overwrite.
- Daemons.
- Dirty cow.
- File Permissions:
- Configuration files.
- Startup scripts.
- Process capabilities: getcap
- Suid binaries: shared object injection, symlink, environmental variables.
- Lxd privileges escalation.
- Kernel vulnerability exploitation.
- LD_PRELOAD / LD_LIBRARY_PATH.
- NFS.
- Password Mining: logs, memory, history, configuration files.
- Sudo: shell escape sequences, abuse intended functionality.
- ssh keys.