Index for Linux Privilege Escalation
Guides to have at hand
- HackTricks. Written by the creator of WinPEAS and LinPEAS.
- Vulnhub PrivEsc Cheatsheet.
- s0cm0nkey's Security Reference Guide.
This is a nice summary related to Local Privilege Escalation by @s4gi_:
Basic enumeration
See Linux Enumeration Cheat sheet
Enumeration scripts
Enumeration scripts
Privilege escalation techniques
Techniques
- Cron jobs: path, wildcards, file overwrite.
- Daemons.
- Dirty cow.
- File Permissions:
- Configuration files.
- Startup scripts.
- Process capabilities: getcap
- Suid binaries: shared object injection, symlink, environmental variables.
- Lxd privileges escalation.
- Pentesting docker
- Pentesting kubernetes
- Hijacking Tmux Sessions
- Kernel vulnerability exploitation.
- Logrotate
- NFS.
- Password Mining: logs, memory, history, configuration files.
- Path Abuse
- Shared libraries: LD_PRELOAD / LD_LIBRARY_PATH.
- Sudo:
- ssh keys.
- Vulnerable services:
- Wildcard Abuse