Skip to content

Instantly share code, notes, and snippets.

@abraidotti
Created January 20, 2022 15:15
Show Gist options
  • Save abraidotti/03f5c8499e5862f545e246f66232393a to your computer and use it in GitHub Desktop.
Save abraidotti/03f5c8499e5862f545e246f66232393a to your computer and use it in GitHub Desktop.
OxConda's Linux Privileg Escalation mind map
# 0xConda's Linux Privilege Escalation mindmap
## Credential Access
- reused passwords
- credentials from configuration files
- credentials from local db
- credentials from bash history
- ssh keys
- sudo access
- group privileges (docker, LXD, etc)
## Exploit
- services running on localhost
- kernel version
- binary file versions
## Misconfiguration
- cron jobs
- writeable cron job
- writeable cron job dependency (file, python library, etc)
- SUID/SGID files
- interesting capabilities on binary
- sensitive files - writeable
- /etc/passwd
- /etc/shadow
- /etc/sudoers
- configuration files
- sensitive files - readable
- /etc/shadow
- /root/.ssh/id_rsa (ssh private keys)
- writeable PATH
- root $PATH variable
- directory in PATH is writeable
- LD_PRELOAD set in /etc/sudoers
[source](https://twitter.com/0xConda/status/1484147709636485123)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment