Index for Linux Privilege Escalation

Guides to have at hand

• HackTricks. Written by the creator of WinPEAS and LinPEAS.
• Vulnhub PrivEsc Cheatsheet.
• s0cm0nkey's Security Reference Guide.

This is a nice summary related to Local Privilege Escalation by @s4gi_:

Basic commands for reconnaissance

Some basic commands once you have gained access to a Linux machine:

whoami
pwd
id
uname -a
lsb_release -a

Enumeration scripts

Enumeration scripts

• Scan the Linux system with "linEnum".
• Search for possible paths to escalate privileges with "linPEAS".
• Enumerate privileges with "Linux Privilege Checker" tool.
• Enumerate possible exploits with "Linux Exploit Suggester" tool.

Privilege escalation techniques

Techniques

• Cron jobs: path, wildcards, file overwrite.
• Daemons.
• Dirty cow.
• File Permissions:
  • Configuration files.
  • Startup scripts.
  • Process capabilities: getcap
  • Suid binaries: shared object injection, symlink, environmental variables.
  • Lxd privileges escalation.
• Kernel vulnerability exploitation.
• LD_PRELOAD / LD_LIBRARY_PATH.
• NFS.
• Password Mining: logs, memory, history, configuration files.
• Sudo: shell escape sequences, abuse intended functionality.
• ssh keys.

Last update: 2024-06-06
Created: February 2, 2023 19:36:50