Checklist - Linux Privilege Escalation

If you want to know about my latest modifications/additions or you have any suggestion for HackTricks or PEASS, join the , or follow me on Twitter . If you want to share some tricks with the community you can also submit pull requests to that will be reflected in this book and don't forget to give ⭐ on github to motivate me to continue developing this book.

Melhor ferramenta para encontrar vetores de escalação de privilégio em Linux: ****

• Pegar informações do sistema

• Checar o , algum diretório gravável?

• Checar , alguma informação sensível?

• Procure por usando scripts (DirtyCow?)

• Cheque se a

• **** error?

• Enumerar mais o sistema ()

• Listar dispositovos montados

• Algum dispositivo não montado?

• Alguma credencial no fstab?

• Tem algum programa desconhecido rodando?

• Tem algum programa rodando com maior privilégio do que deveria?

• Procure por exploits para os processos rodando (especialmente as versões)

• Você pode modificar o binário de algum processo rodando?

• Monitorar processos e checar se tem algum processo interessante rodando frequentemente

• Você pode ler algo interessante na memória do processo (Onde senhas podem ser salvas)?

• Algum arquivo .service com permissão de esrita?

• Any writable binary executed by a service?

• Any writable folder in systemd PATH?

• Any writable timer?

• Any writable .socket file?

• Can you communicate with any socket?

• HTTP sockets with interesting info?

• Can you communicate with any D-Bus?

• Enumerate the network to know where you are

• Open ports you couldn't access before getting a shell inside the machine?

• Can you sniff traffic using tcpdump?

• Generic users/groups enumeration

• Do you have a very big UID? Is the machine vulnerable?

• Clipboard data?

• Password Policy?

• Try to use every known password that you have discovered previously to login with each possible user. Try to login also without password.

• If you have write privileges over some folder in PATH you may be able to escalate privileges

• Tem algum binário com alguma capability não esperada?

• Has any file any unexpected ACL?

• screen?

• tmux?

• Profile files - Read sensitive data? Write to privesc?

• passwd/shadow files - Read sensitive data? Write to privesc?

• Check commonly interesting folders for sensitive data

• Weird Localtion/Owned files, you may have access or alter executable files

• Modified in last mins

• Sqlite DB files

• Hidden files

• Script/Binaries in PATH

• Web files (passwords?)

• Backups?

• Known files that contains passwords: Use Linpeas and LaZagne

• Generic search

• Modify python library to execute arbitrary commands?

• Can you modify log files? Logtotten exploit

• Can you modify /etc/sysconfig/network-scripts/? Centos/Redhat exploit