-->

Oscp - Linux Priviledge Escalation

Oscp - Linux Priviledge Escalation

Information Gathering

+ Get OS information
cat /etc/issue cat /etc/*-release cat /proc/version uname -a rpm -q inwardness dmesg | grep Linux ls /boot | grep vmlinuz- lsb_release -a
+ Check sudoers
sudo -l  cat /etc/sudoers
+ Check password files
Check for misconfigurations - i.e Is shadow readable? Is passwd writeable?
cat /etc/passwd cat /etc/shadow ls -l /etc/passwd ls -l /etc/shadow
+ Learn your environment
Search for misconfigured PATH variables. Do they prioritize searching for executable files from a non-secure (i.e. world-writeable) path?
cat /etc/profile cat /etc/bashrc cat  /.bash_profile cat  /.bashrc cat  /.bash_logout cat  /.bash_history env set
+ Check history files
You mightiness detect plaintext passwords inwards in that place
cat  /.*_history
+ Check cronjobs
Search for jobs using programs that run alongside rootage privileges as well as are potentially write-accessible past times low-privileged users
crontab -l ls -alh /var/spool/cron ls -al /etc/ | grep cron ls -al /etc/cron* cat /etc/cron* cat /etc/at.allow cat /etc/at.deny cat /etc/cron.allow cat /etc/cron.deny cat /etc/crontab cat /etc/anacrontab cat /var/spool/cron/crontabs/root
+ Check processes running every bit rootage for vulnerabilities
ps aux | grep rootage ps -ef | grep root
+ Search files for plaintext credentials
grep -ir user * grep -ir transcend *
+ Find writable configuration files
find /etc/ -writable -type f 2>/dev/null
+ Run privesc scripts
LinEnum - https://www.rebootuser.com/?p=1758 linuxprivchecker.py - http://www.securitysift.com/download/linuxprivchecker.py unix-privesc-check - https://github.com/pentestmonkey/unix-privesc-check

Escaping jail shells

python -c 'import pty;pty.spawn("/bin/bash")'  echo os.system('/bin/bash') /bin/sh -i

Resources

Blogger
Disqus
Pilih Sistem Komentar

No comments

Advertiser