Privilege escalation
After exploitation - interesting commands
LinPEAS
Using tools like linpeas.sh automates the enumeration process, making it more efficient and comprehensive.
Download LinPEAS from GitHub
Transfer LinPEAS to the victim's machine
Execute from memory and send output back to the host
Analyze the Red findings
Go to GTFOBins
Search for a program that has the SUID bit set and try things out, for example python with sudo:
python -c 'import os; os.system("/bin/sh")'
CVE-2021-3493 - Ubuntu kernel privilege escalation
Affected versions
Ubuntu 20.10
Ubuntu 20.04 LTS
Ubuntu 19.04
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Ubuntu 14.04 ESM
If the target runs one of the Ubuntu versions above, it is affected by the OverlayFS privilege escalation vulnerability, for which you can use the exploit below:
You have to compile the tool first with:
Shadow File
Copy /etc/passwd
Copy /etc/shadow
Merge the files with unshadow tool
Crack the passwords offline with John
Dirty COW - CVE-2016-5195
Check all executables that we can execute as sudo:
Once identified, try one of them and check the GTFOBins resource for available exploits
Check the sudo privileges we might have as current user:
If we can execute a binary with root privileges, we can check on GTFOBins how we can get root access through that executable
Check the crontabs
If we find an executable script that we can write to, we might use it to add all users to /etc/sudoers
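The same crontab check can be run as an audit to find and fix this misconfiguration. The script below is an added example, not part of the original notes: it reads a file in /etc/crontab format and lists root jobs whose script, or the script's parent directory, is writable by group or others. The function names, the optional ROOT prefix argument and the sample tree are assumptions of this example.

```shell
# Print "PERMS LABEL" when the path in $1 is writable by group or others.
loose() {
    perms=$(ls -ldL "$1" 2>/dev/null | cut -c1-10)
    case $perms in
        d????????[tT]) ;;  # sticky directory: non-owners cannot replace files
        ?????w????|????????w?) printf '%s %s\n' "$perms" "$2" ;;
    esac
}

# audit_cron FILE [ROOT]: FILE is in /etc/crontab format. ROOT is this example's
# own prefix for auditing a mounted image or test tree instead of the live system.
audit_cron() (
    set -f  # cron time fields contain '*'; keep the shell from globbing them
    # Drop comments, blank lines and VAR=value lines, then split the fields.
    grep -Ev '^[[:space:]]*(#|$|[A-Za-z_]+[[:space:]]*=)' "$1" |
    while read -r m h dom mon dow user cmd; do
        # "@reboot user cmd" entries have a single time field.
        case $m in @*) cmd="$dom $mon $dow $user $cmd"; user=$h ;; esac
        [ "$user" = root ] || continue
        for word in $cmd; do
            case $word in /*) ;; *) continue ;; esac  # absolute paths only
            [ -f "$2$word" ] || continue               # regular files only
            loose "$2$word" "$word"
            loose "$(dirname "$2$word")" "$(dirname "$word")"
        done
    done
)

# Constructed sample tree and crontab (not from the page) to exercise the audit.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/opt/jobs" "$t/srv/drop"
    touch "$t/opt/jobs/backup.sh" "$t/opt/jobs/rotate.sh" "$t/srv/drop/sync.sh"
    chmod 755 "$t/opt/jobs" "$t/opt/jobs/rotate.sh" "$t/srv/drop/sync.sh"
    chmod 777 "$t/opt/jobs/backup.sh" "$t/srv/drop"
    cat > "$t/crontab" <<'EOF'
SHELL=/bin/sh
*/5 * * * * root /opt/jobs/backup.sh >/dev/null 2>&1
0 3 * * * root /opt/jobs/rotate.sh
0 4 * * * www-data /opt/jobs/backup.sh
@reboot root /srv/drop/sync.sh
EOF
    audit_cron "$t/crontab" "$t"
    rm -rf "$t"
}

demo
```

On a live host, call `audit_cron /etc/crontab` and tighten ownership and mode on anything it reports so that only root can write to the script and its directory.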