Skip to main content

Posts

Showing posts from April, 2019

Privilege Escalation

Priv Esc Links: 1) https://gtfobins.github.io/ useful, privesc/jail-escape tasks 2) Priv Esc Tech Explained Explained 2 Techniques Commands Priv Esc Techniques 3) Linux Restricted Shell Bypass Guide Things to Check first for Linux Priv Esc 1.    sudo -l  2.    sudo su 3.    uname -a                   /version --> check for vuln 4.    check for files with root priv 5.    check for cron jobs 6.    /etc/passwd file --> writable ? 7.    #PATH exploit 8.    check for process with root 9.    run pspy to check for running processes & cron jobs 10. Check .bash_history 11. ls -la the home directory 12. Check /opt/, /var/www/html, /home/, /root, / ,  directories thoroughly  13. Check for World Readable files 14. Check if mysql is running as root.  15. "mount" command to check for permissions on folders/processes  16. Run "pspy -f"  on the target and check for all running file system tasks