Created
January 20, 2022 15:15
-
-
Save abraidotti/03f5c8499e5862f545e246f66232393a to your computer and use it in GitHub Desktop.
OxConda's Linux Privileg Escalation mind map
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # 0xConda's Linux Privilege Escalation mindmap | |
| ## Credential Access | |
| - reused passwords | |
| - credentials from configuration files | |
| - credentials from local db | |
| - credentials from bash history | |
| - ssh keys | |
| - sudo access | |
| - group privileges (docker, LXD, etc) | |
| ## Exploit | |
| - services running on localhost | |
| - kernel version | |
| - binary file versions | |
| ## Misconfiguration | |
| - cron jobs | |
| - writeable cron job | |
| - writeable cron job dependency (file, python library, etc) | |
| - SUID/SGID files | |
| - interesting capabilities on binary | |
| - sensitive files - writeable | |
| - /etc/passwd | |
| - /etc/shadow | |
| - /etc/sudoers | |
| - configuration files | |
| - sensitive files - readable | |
| - /etc/shadow | |
| - /root/.ssh/id_rsa (ssh private keys) | |
| - writeable PATH | |
| - root $PATH variable | |
| - directory in PATH is writeable | |
| - LD_PRELOAD set in /etc/sudoers | |
| [source](https://twitter.com/0xConda/status/1484147709636485123) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment