Privilege Escalation Techniques on a Linux Machine
There are different ways to escalate privileges on a Linux machine. Below
are notes on some methods you can use:
Note: Very resourceful links: TryHackMe, GTFOBins
1. Exploiting Outdated Kernel Versions
- To view the existing kernel information on a Linux machine, use
commands like (uname -a, cat /proc/version
- Then search the web for vulnerabilities relating to that specific
kernel version. Use websites like ExploitDB, Rapid7, CVE Details, NVD,
MITRE ATT&CK, and SecurityFocus. Download the script from any of
these sites to your device, then transfer it using python -m
http.server and wget commands. Finally, run the script on the target
machine (./script.py)
2. Leveraging Commands with SUDO Privileges
- often lower end users are given SUDO priviledges when using
certain commands like (find, locate and so on)
- using sudo -l you can list all the commands that have sudo
priviledges
- when those commands are listed, using gtfo bins
(https://gtfobins.github.io/), we can search for additional commands
we can run when using that command to enable us leverage our
privilege(for example, if the find command on a machine has sudo
priviledges, we go to gtfo bins, search for the find and click on the
sudo function under the sudo function section there are commands
which can be executed to grant privilege escalation to the attacker.
- when the command is run we gain root access.
-
3. Gaining Privilege Escalation Using Files with Read, Write, and Execute
Permissions(e.g vim, base64, nano)
- Firstly, we find files that have read, write and executable privileges
by inputting the command find / -type f -perm -04000 -ls 2>/dev/null.
There are different ways to escalate privileges on a Linux machine. Below
are notes on some methods you can use:
Note: Very resourceful links: TryHackMe, GTFOBins
1. Exploiting Outdated Kernel Versions
- To view the existing kernel information on a Linux machine, use
commands like (uname -a, cat /proc/version
- Then search the web for vulnerabilities relating to that specific
kernel version. Use websites like ExploitDB, Rapid7, CVE Details, NVD,
MITRE ATT&CK, and SecurityFocus. Download the script from any of
these sites to your device, then transfer it using python -m
http.server and wget commands. Finally, run the script on the target
machine (./script.py)
2. Leveraging Commands with SUDO Privileges
- often lower end users are given SUDO priviledges when using
certain commands like (find, locate and so on)
- using sudo -l you can list all the commands that have sudo
priviledges
- when those commands are listed, using gtfo bins
(https://gtfobins.github.io/), we can search for additional commands
we can run when using that command to enable us leverage our
privilege(for example, if the find command on a machine has sudo
priviledges, we go to gtfo bins, search for the find and click on the
sudo function under the sudo function section there are commands
which can be executed to grant privilege escalation to the attacker.
- when the command is run we gain root access.
-
3. Gaining Privilege Escalation Using Files with Read, Write, and Execute
Permissions(e.g vim, base64, nano)
- Firstly, we find files that have read, write and executable privileges
by inputting the command find / -type f -perm -04000 -ls 2>/dev/null.
