Furrukh Taj

Infosec Enthusiast

Linux Privilege Escalation

08 Nov 2018 » offensive, security, privilege-escalation

-- This is the ugliest post as I haven’t put much thought into it.
-- There are a couple things I do for Linux Privilege Escalation:

  • sudo -l If it doesn’t ask for a password, we will be presented with the commands/executables we can run as root.
  • Check permissions on shadow and passwd files

    ls -l /etc/passwd
    ls -l /etc/shadow

  • Check for kernel version: uname -a

-- g0tmi1k’s Blog
-- Run the LinuxPrivChecker Python Script

uname -a
cat /etc/issue
cat /etc/*-release
sudo -l
ps aux
ls -l /etc/cron*

-- Find starting at root (/), SGID or SUID, not Symbolic links, only 3 folders deep, list with more detail and hide any errors (e.g. permission denied)

find / -perm -g=s -o -perm -4000 ! -type l -maxdepth 3 -exec ls -ld {} ;2>/dev/null

Other Resources:

BeRoot Project