search

Local Privileges Escalation

hashtag
Basic Enumeration

Local Enumerationchevron-right

hashtag
Attack Vectors

hashtag
Scheduled tasks

Scheduled taskschevron-right

hashtag
Password Authentication

The /etc/passwd file can contain password hashes directly instead of an x, indicating that the password hash is stored in /etc/shadow. If /etc/passwd is writable, it allows the creation of arbitrary users with root privileges.

Password Authenticationchevron-right

hashtag
Monitor Process

It possible that the administrative user used command line with sensitive information exposed.

In this situation monitoring the process can reveal this sensitive information

Local Privileges Escalation

hashtag
SetUID Binaries and Capabilities

SetUID Binaries and Capabilitieschevron-right

hashtag
Sudoers

it's possible to restrict a user's sudo permissions to specific commands or binaries. This is done by configuring the /etc/sudoers file, where certain users can be allowed to run only a defined set of commands with sudo.

Sudoerschevron-right

hashtag
Kernel Exploits

Kernel Exploitschevron-right

hashtag
References

LogoUnderstanding /etc/passwd File FormatnixCraftchevron-right
/etc/passwd format blog
LogoBasic Linux Privilege Escalation - g0tmi1kblog.g0tmi1k.comchevron-right
Basic Linux Privilege Escalation
LogoLinux permissions: SUID, SGID, and sticky bitRed Hatchevron-right
Red Hat - Linux permissions
LogoGitHub - DominicBreuker/pspy: Monitor linux processes without root permissionsGitHubchevron-right
pspy tool
LogoPEASS-ng/linPEAS at master Β· peass-ng/PEASS-ngGitHubchevron-right
LinPEAS
LogoGitHub - pentestmonkey/unix-privesc-check: Automatically exported from code.google.com/p/unix-privesc-checkGitHubchevron-right
PreviousLocal EnumerationNextScheduled tasks

Last updated