Checklist - Linux Priv Esc

https://book.hacktricks.xyz/linux-unix/linux-privilege-escalation-checklist


Last updated 4 years ago


Best tool to look for Linux local privilege escalation vectors: LinPEAS

System Information
  • PATH
  • env variables
  • kernel exploits
  • sudo version is vulnerable
  • Dmesg signature verification failed
  • date, system stats, cpu info, printers
  • Enumerate more defenses

Drives

Installed Software
  • Check for installed useful software
  • Check for installed vulnerable software

Processes

Scheduled/Cron jobs?
  • Is the PATH being modified by some cron and can you write in it?
  • Any wildcard in a cron job?
  • Is some modifiable script being executed, or is it inside a modifiable folder?
  • Have you detected that some script is being executed very frequently? (every 1, 2 or 5 minutes)

Services

Timers

Sockets

D-Bus

Network

Users
  • Can you escalate privileges thanks to a group you belong to?

Writable PATH

SUDO and SUID commands
  • Can you execute any command with sudo? Can you use it to READ, WRITE or EXECUTE anything as root? (GTFOBins)
  • Is there any exploitable SUID binary? (GTFOBins)
  • Are sudo commands limited by path? Can you bypass the restrictions?
  • Sudo/SUID binary without path indicated?
  • SUID binary specifying path? Bypass
  • LD_PRELOAD vuln
  • Lack of .so library in SUID binary from a writable folder?
  • SUDO tokens available? Can you create a SUDO token?
  • Can you read or modify sudoers files?
  • Can you modify /etc/ld.so.conf.d/?
  • OpenBSD DOAS command

Capabilities

ACLs

Open Shell sessions

SSH
  • Debian OpenSSL Predictable PRNG - CVE-2008-0166
  • SSH Interesting configuration values

Interesting Files

Writable Files
  • Can you write in ini, init.d, systemd or rc.d files?

Other tricks
  • Can you abuse NFS to escalate privileges?
  • Do you need to escape from a restrictive shell?