โœจ
privesc
Checklist - Courtesy of HackTricks
System
1
hostname
2
uname -a
3
cat /proc/version
4
cat /etc/issue
5
lscpu
Copied!
Services
1
ps aux
2
ps aux | grep root
3
find / -perm -u=s -type f 2>/dev/null #(finds all perms with s)
4
ls -la /etc/cron.daily/
5
โ€‹
Copied!
Users
1
whoami
2
id
3
ps au
4
ls -la /home/
5
ls -l ~/.ssh
6
cat /etc/passwd | cut -d : -f 1
7
cat /etc/shadow
8
cat /etc/group
9
history
10
sudo su -
Copied!
Network
1
ifconfig | ip a
2
ip route
3
arp a | ip neigh
4
netstat -ano
Copied!
passwords
1
grep --color=auto -rnw '/' -ie "PASSWORD=" --color==always 2> /dev/null
2
locate password | more
3
find / -name '*yourtstring*'
4
find / -name authorized_keys
5
find / -name id_rsa 2> /dev/null
6
find . -writable (For all files under the current directory that are writable by the current user)
7
find . ! -writable
8
find / -type d \( -perm -g+w -or -perm -o+w \) -exec ls -adl {} \;
9
โ€‹
10
find/ -path /proc -prune -o -type d -perm -o+w 2>/dev/null #find writable dirs
11
find/ -path /proc -prune -o -type f -perm -o+w 2>/dev/null #find writable files
Copied!
Writable checks on
1
/dev/shm
2
/tmp/
3
/var/tmp
4
/var/spool/vbox
5
/var/spool/samba
Copied!
Tools
  1. 1.
    PEAS-NG (LinPEAS)
  2. 2.
    Linenum.sh
  3. 3.
    Linux Exploit Suggester
  4. 4.
    Linuxprivchecker.py
  5. 5.
    GTFO bins
  6. 6.
    GTFO bins tool
โ€‹
Copy link