abraidotti/0xConda-linux-priv-esc.md

Last active February 28, 2022 06:20

Star (5) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/abraidotti/c071073af48f0771e20c749b89a18790.js"></script>
Save abraidotti/c071073af48f0771e20c749b89a18790 to your computer and use it in GitHub Desktop.

Download ZIP

Raw

0xConda-linux-priv-esc.md

0xConda's Linux Privilege Escalation mindmap

Credential Access

reused passwords
credentials from configuration files
credentials from local db
credentials from bash history
ssh keys
sudo access
group privileges (docker, LXD, etc)

Exploit

services running on localhost
kernel version
binary file versions

Misconfiguration

cron jobs
- writeable cron job
- writeable cron job dependency (file, python library, etc)
SUID/SGID files
interesting capabilities on binary
sensitive files - writeable
- /etc/passwd
- /etc/shadow
- /etc/sudoers
- configuration files
sensitive files - readable
- /etc/shadow
- /root/.ssh/id_rsa (ssh private keys)
writeable PATH
- root $PATH variable
- directory in PATH is writeable
LD_PRELOAD set in /etc/sudoers

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment