Linux Privilege Escalation Checklist
- Service Exploits (ex. MySQL User Defined Functions (UDFs) exploit)
- Weak File Permissions (ex. Readable /etc/shadow - Crack hash)
- Weak File Permissions (ex. Writable /etc/shadow - Replace hash with your own)
- Weak File Permissions (ex. Writable /etc/passwd - Replace x with your hash)
- Sudo - Shell Escape Sequences (sudo -l)
- Sudo - Environment Variables (ex. env_keep)
- Cron Jobs - File Permissions
- Cron Jobs - PATH Environment Variable
- Cron Jobs - Wildcards
- SUID/SGID Executables - Known Exploits
- SUID/SGID Executables - Shared Object Injection
- SUID/SGID Executables - Environment Variables
- SUID/SGID Executables - Abusing Shell Features
- Passwords & Keys - History Files
- Passwords & Keys - Config Files
- Passwords & Keys - SSH Keys
- NFS
- Kernel Exploits
Manual Enumeration
Enumerating Users
- Get the username the shell is running as
whoami
- Get more information about the username
id <username>
- Getting information about the users on Linux
cat /etc/passwd
Enumerating the Hostname
- Get hostname
hostname
Enumerating the Operating System Version and Architecture
- Getting the version and architecture of the running operating system
cat /etc/issue
cat /etc/*-release
uname -a
Enumerating Running Processes and Services
- Getting a list of running processes on the operating system and matching services
ps axu
Enumerating Networking Information
- Listing the full TCP/IP configuration
ip a
- Printing the routes
route
- Listing all active network connections
ss -anp
Enumerating Firewall Status and Rules
- List firewall rules
iptables -L -n -v
- Firewall config files
ls -lah /etc/iptables  # search here for saved rule files
Enumerating Scheduled Tasks
- Listing all cron jobs
ls -lah /etc/cron*
- Check scheduled tasks
cat /etc/crontab
cat /var/log/cron.log
Enumerating Installed Applications and Patch Levels
- Listing all installed packages on a Debian Linux operating system
dpkg -l
Enumerating Readable/Writable Files and Directories
- Listing all world writable directories on Linux
find / -writable -type d 2>/dev/null
Enumerating Unmounted Disks
- Listing content of /etc/fstab and all mounted drives on Linux
cat /etc/fstab
mount
- Listing all available drives
lsblk
Enumerating Device Drivers and Kernel Modules
- Listing loaded drivers on Linux
lsmod
- Listing additional information about a module on Linux
/sbin/modinfo $DRIVER
Enumerating Binaries That AutoElevate
- List all files with SUID
- Run unix-privesc-check in standard mode
./unix-privesc-check standard
- Run linpeas.sh
./linpeas.sh
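
Added example, not part of the original page: a read-only audit for administrators that reports the weak file permission, cron file permission and SUID/SGID conditions named in the checklist, so they can be reviewed and fixed. The function name audit_perms and the finding labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): read-only permission audit.
# audit_perms ROOT prints one finding per line. ROOT defaults to / and may
# instead be a mounted disk image or a constructed test tree.
# It checks mode bits only; it never modifies anything.
audit_perms() (
    cd "${1:-/}" || exit 1

    # Account databases must not be writable by "other".
    for f in etc/passwd etc/shadow; do
        if [ -n "$(find "$f" -type f -perm -0002 2>/dev/null)" ]; then
            echo "WORLD_WRITABLE /$f"
        fi
    done

    # Password hashes must not be readable by "other".
    if [ -n "$(find etc/shadow -type f -perm -0004 2>/dev/null)" ]; then
        echo "WORLD_READABLE /etc/shadow"
    fi

    # Cron tables and cron scripts that any user could edit.
    find etc/cron* -type f -perm -0002 2>/dev/null \
        | sort | sed 's|^|CRON_WRITABLE /|'

    # SUID/SGID files on this filesystem: an inventory to compare against
    # the distribution's expected set, not a list of defects by itself.
    find . -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null \
        | sort | sed 's|^\.|SETID |'

    exit 0
)

# Usage: audit_perms            # audit the running system
#        audit_perms /mnt/image # audit a mounted image
```

Run it as root for complete results; as an unprivileged user, directories that cannot be read are skipped silently.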