Skip to content

Instantly share code, notes, and snippets.

@abraidotti

abraidotti/0xConda-linux-priv-esc.md

Last active February 28, 2022 06:20
Show Gist options
  • Save abraidotti/c071073af48f0771e20c749b89a18790 to your computer and use it in GitHub Desktop.
Save abraidotti/c071073af48f0771e20c749b89a18790 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
0xConda-linux-priv-esc.md

0xConda's Linux Privilege Escalation mindmap

source 😽

Credential Access

  • reused passwords

  • credentials from configuration files

  • credentials from local db

  • credentials from bash history

  • ssh keys

  • sudo access

  • group privileges (docker, LXD, etc)

Exploit

  • services running on localhost

  • kernel version

  • binary file versions

Misconfiguration

  • cron jobs

    • writeable cron job

    • writeable cron job dependency (file, python library, etc)

  • SUID/SGID files

  • interesting capabilities on binary

  • sensitive files - writeable

    • /etc/passwd

    • /etc/shadow

    • /etc/sudoers

    • configuration files

  • sensitive files - readable

    • /etc/shadow

    • /root/.ssh/id_rsa (ssh private keys)

  • writeable PATH

    • root $PATH variable

    • directory in PATH is writeable

  • LD_PRELOAD set in /etc/sudoers

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment