Common Linux Privesc
Understanding Privilege Escalation
Direction of Privilege Escalation
Enumeration
Lets login as user3 as they have told us.
The hostname is polobox
Lets look at the /etc/passwd file
Lets look at how many shells there are on the machine
Lets look at the cronjobs
The critical file that had its permissions changed is /etc/passwd
Abusing SUID/GUID Files
Lets look for SUID files.
Lets run the file
Exploiting Writeable /etc/passwd
First lets switch users and create the hashed password
Now lets edit the file and add the password
Lets save the file and then login.
Escaping Vi Editor
Lets follow the steps
Exploiting Crontab
Lets follow the steps
First we create the msfvenom payload on our machine
Now lets find where the autoscript.sh file is located
Lets echo the shell into the file and start a netcat listener
After a while you should get a reverse shell
Exploiting PATH variable
Lets follow the steps
Last updated