-- This is the ugliest post as I haven’t put much thought into it.
-- There are a couple things I do for Linux Privilege Escalation:
sudo -l
If it doesn’t ask for a password, we will be presented with the commands/executables we can run as root.
-- Check permissions on shadow and passwd files
ls -l /etc/passwd
ls -l /etc/shadow
-- Check the kernel version:
uname -a
-- g0tmi1k’s Blog
-- Run the LinuxPrivChecker Python Script
uname -a
cat /etc/issue
cat /etc/*-release
mount
sudo -l
ps aux
ls -l /etc/cron*
-- Find starting at root (/), SGID or SUID, not Symbolic links, only 3 folders deep, list with more detail and hide any errors (e.g. permission denied)
find / -maxdepth 3 \( -perm -g=s -o -perm -4000 \) ! -type l -exec ls -ld {} \; 2>/dev/null
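To turn the passwd/shadow permission check above into something that reports a finding, here is an added example (not from the original post or any of the linked projects). The ceilings of 644 and 640, the ROOT prefix argument and the AUDIT_RUN/AUDIT_ROOT variables are assumptions made for illustration; it relies on GNU stat.

```shell
#!/bin/sh
# Added example (not from the original post): flag account files whose mode
# is looser than a ceiling. The ceilings are assumptions, not a standard.

# check_mode FILE MAX_MODE
# Returns 0 if FILE has no permission bits outside MAX_MODE (octal),
# 1 if it is more permissive, 2 if stat cannot read it. Needs GNU stat.
check_mode() {
    file=$1
    max=$2
    mode=$(stat -c '%a' "$file" 2>/dev/null) || return 2
    # Bits present in the actual mode that the ceiling does not allow.
    extra=$(( 0$mode & ~0$max & 07777 ))
    if [ "$extra" -ne 0 ]; then
        printf 'FAIL %s mode %s exceeds %s (extra bits %o)\n' \
            "$file" "$mode" "$max" "$extra"
        return 1
    fi
    printf 'OK   %s mode %s\n' "$file" "$mode"
    return 0
}

# audit_account_files [ROOT]
# ROOT is a hypothetical prefix so the check can run against a mounted image
# or a test tree; empty means the live system.
audit_account_files() {
    root=${1:-}
    result=0
    check_mode "$root/etc/passwd" 644 || result=1   # world-writable passwd is a finding
    check_mode "$root/etc/shadow" 640 || result=1   # world-readable shadow is a finding
    return "$result"
}

# Run against the live system only when asked: AUDIT_RUN=1 sh audit.sh
if [ "${AUDIT_RUN:-0}" = 1 ]; then
    audit_account_files "${AUDIT_ROOT:-}"
fi
```

Some distributions ship /etc/shadow with a stricter mode than 640, which passes this check; lower the ceiling to match your own baseline.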
Other Resources:
BeRoot Project
https://github.com/mubix/post-exploitation/wiki/Linux-Post-Exploitation-Command-List
https://github.com/sheimo/oscp/blob/master/linux-template.md