About me
Pentesting CheatSheets
TryHackMe Writeups
CyberEDU Writeups
eJPT

Powered by GitBook

On this page

Some basic vulnerability explanations
Kernel Exploits
Sudo
SUID
Cron Jobs

Pentesting CheatSheets

Privilege Escalation

Linux Privesc Techniques

Some basic vulnerability explanations

Kernel Exploits

Great resource -> https://www.linuxkernelcves.com/cves
First you need to enumerate the kernel version then search for exploits on google

Sudo

Leverage LD_PRELOAD
- Check for LD_PRELOAD (with the env_keep option)
- Write a simple C code compiled as a share object (.so extension) file
- Run the program with sudo rights and the LD_PRELOAD option pointing to our .so file
Leverage application function

If you have sudo rights to run a program see this -> https://gtfobins.github.io/

SUID

SUID -> set user ID

SUID bit allows users to run executable files with the same permissions as the owner of that file
Find files that are SUID bit.
Search on gtfobins for exploit a SUID file

See https://www.stationx.net/linux-file-permissions-cheat-sheet/ for more info about file permissions

Cron Jobs

Cronjobs -> scheduled tasks

Identify the active jobs.
Check if there’s a scheduled task that runs with root privileges or any other user.
Change the script that will be run & gain that jobs owner privileges. (we can change if that script has write,execute perm or not full path defined loopholes etc).

PreviousLinux Enumeration NextTricks

Last updated 1 year ago