Common Linux Privesc

Understanding Privilege Escalation

Direction of Privilege Escalation

Enumeration



Lets login as user3 as they have told us.

The hostname is polobox

Lets look at the /etc/passwd file


Lets look at how many shells there are on the machine


Lets look at the cronjobs


The critical file that had its permissions changed is /etc/passwd


Abusing SUID/GUID Files


Lets look for SUID files.


Lets run the file

Exploiting Writeable /etc/passwd


First lets switch users and create the hashed password


Now lets edit the file and add the password


Lets save the file and then login.

Escaping Vi Editor

Lets follow the steps



Exploiting Crontab


Lets follow the steps
First we create the msfvenom payload on our machine


Now lets find where the autoscript.sh file is located


Lets echo the shell into the file and start a netcat listener


After a while you should get a reverse shell
Exploiting PATH variable

Lets follow the steps


Last updated
Was this helpful?